Diffstat (limited to 'vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php')
-rw-r--r--vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php84
1 files changed, 63 insertions, 21 deletions
diff --git a/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php b/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php
index 02126d208..e8012dd98 100644
--- a/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php
+++ b/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php
@@ -2,7 +2,7 @@
namespace PicoFeed\Filter;
-use \PicoFeed\Client\Url;
+use PicoFeed\Client\Url;
/**
* Attribute Filter class
@@ -29,6 +29,14 @@ class Attribute
private $image_proxy_callback = null;
/**
+ * limits the image proxy usage to this protocol
+ *
+ * @access private
+ * @var string
+ */
+ private $image_proxy_limit_protocol = '';
+
+ /**
* Tags and attribute whitelist
*
* @access private
@@ -225,6 +233,7 @@ class Attribute
'filterBlacklistResourceAttribute',
'filterProtocolUrlAttribute',
'rewriteImageProxyUrl',
+ 'secureIframeSrc',
);
/**
@@ -273,8 +282,8 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
* @return boolean
*/
public function filterEmptyAttribute($tag, $attribute, $value)
@@ -287,8 +296,8 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
* @return boolean
*/
public function filterAllowedAttribute($tag, $attribute, $value)
@@ -301,8 +310,8 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
* @return boolean
*/
public function filterIntegerAttribute($tag, $attribute, $value)
@@ -319,8 +328,8 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
* @return boolean
*/
public function filterIframeAttribute($tag, $attribute, $value)
@@ -344,8 +353,8 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
* @return boolean
*/
public function filterBlacklistResourceAttribute($tag, $attribute, $value)
@@ -362,8 +371,8 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
* @return boolean
*/
public function rewriteAbsoluteUrl($tag, $attribute, &$value)
@@ -376,17 +385,37 @@ class Attribute
}
/**
- * Rewrite image url to use with a proxy (HTTPS resource are ignored)
+ * Turns iframes' src attribute from http to https to prevent
+ * mixed active content
+ *
+ * @access public
+ * @param string $tag Tag name
+ * @param array $attribute Atttributes name
+ * @param string $value Attribute value
+ * @return boolean
+ */
+ public function secureIframeSrc($tag, $attribute, &$value)
+ {
+ if ($tag === 'iframe' && $attribute === 'src' && strpos($value, 'http://') === 0) {
+ $value = substr_replace($value, 's', 4, 0);
+ }
+
+ return true;
+ }
+
+ /**
+ * Rewrite image url to use with a proxy
*
* @access public
* @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
* @return boolean
*/
public function rewriteImageProxyUrl($tag, $attribute, &$value)
{
- if ($tag === 'img' && $attribute === 'src' && strpos($value, 'http:') === 0) {
+ if ($tag === 'img' && $attribute === 'src'
+ && ! ($this->image_proxy_limit_protocol !== '' && stripos($value, $this->image_proxy_limit_protocol.':') !== 0)) {
if ($this->image_proxy_url) {
$value = sprintf($this->image_proxy_url, rawurlencode($value));
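Review bot: The scheme test in the new `secureIframeSrc` is case-sensitive, so an iframe `src` written as `HTTP://…` is left on plain http and the mixed-content upgrade is skipped, whereas the rewritten `rewriteImageProxyUrl` condition just below already uses `stripos`. I would change the guard to `if ($tag === 'iframe' && $attribute === 'src' && stripos($value, 'http://') === 0) {`. The new docblock also declares `@param array $attribute Atttributes name` for a string parameter, reintroducing the typo this commit fixes elsewhere. Separately, with the default empty `image_proxy_limit_protocol` the proxy branch now applies to every `img` `src` that reaches this filter rather than only `http:` ones, and that change of default deserves a sentence in the docblock. The body of `rewriteImageProxyUrl` continues past the end of this hunk.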
@@ -404,8 +433,8 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
* @return boolean
*/
public function filterProtocolUrlAttribute($tag, $attribute, $value)
@@ -422,7 +451,7 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param array $attributes Atttributes list
+ * @param array $attributes Attributes list
* @return array
*/
public function addAttributes($tag, array $attributes)
@@ -439,7 +468,7 @@ class Attribute
*
* @access public
* @param string $tag Tag name
- * @param array $attributes Atttributes list
+ * @param array $attributes Attributes list
* @return boolean
*/
public function hasRequiredAttributes($tag, array $attributes)
@@ -655,4 +684,17 @@ class Attribute
$this->image_proxy_callback = $callback ?: $this->image_proxy_callback;
return $this;
}
+
+ /**
+ * Set image proxy protocol restriction
+ *
+ * @access public
+ * @param string $value
+ * @return Attribute
+ */
+ public function setImageProxyProtocol($value)
+ {
+ $this->image_proxy_limit_protocol = $value ?: $this->image_proxy_limit_protocol;
+ return $this;
+ }
}
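Review bot: `setImageProxyProtocol` stores the caller's string unvalidated, while `rewriteImageProxyUrl` compares against `$this->image_proxy_limit_protocol.':'`, so a value such as `http:` or `http://` never matches and, as far as the visible condition shows, the proxy is silently bypassed for every image. Normalising in the setter would avoid that, e.g. `$this->image_proxy_limit_protocol = rtrim((string) $value, ':/') ?: $this->image_proxy_limit_protocol;`. The `?:` fallback also means the restriction cannot be reset to `''` once it has been set. If that is intended, the docblock should say so, and its bare `@param string $value` should describe the expected form (scheme name without the colon).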