Diffstat (limited to 'vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php')
-rw-r--r-- | vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php | 84 |
1 files changed, 63 insertions, 21 deletions
diff --git a/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php b/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php
index 02126d208..e8012dd98 100644
--- a/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php
+++ b/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php
@@ -2,7 +2,7 @@
 namespace PicoFeed\Filter;
-use \PicoFeed\Client\Url;
+use PicoFeed\Client\Url;
 /**
  * Attribute Filter class
@@ -29,6 +29,14 @@ class Attribute
  private $image_proxy_callback = null;
  /**
+ * limits the image proxy usage to this protocol
+ *
+ * @access private
+ * @var string
+ */
+ private $image_proxy_limit_protocol = '';
+
+ /**
  * Tags and attribute whitelist
  *
  * @access private
@@ -225,6 +233,7 @@ class Attribute
  'filterBlacklistResourceAttribute',
  'filterProtocolUrlAttribute',
  'rewriteImageProxyUrl',
+ 'secureIframeSrc',
  );
  /**
@@ -273,8 +282,8 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
  * @return boolean
  */
  public function filterEmptyAttribute($tag, $attribute, $value)
@@ -287,8 +296,8 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
  * @return boolean
  */
  public function filterAllowedAttribute($tag, $attribute, $value)
@@ -301,8 +310,8 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
  * @return boolean
  */
  public function filterIntegerAttribute($tag, $attribute, $value)
@@ -319,8 +328,8 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
  * @return boolean
  */
  public function filterIframeAttribute($tag, $attribute, $value)
@@ -344,8 +353,8 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
  * @return boolean
  */
  public function filterBlacklistResourceAttribute($tag, $attribute, $value)
@@ -362,8 +371,8 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
  * @return boolean
  */
  public function rewriteAbsoluteUrl($tag, $attribute, &$value)
@@ -376,17 +385,37 @@ class Attribute
  }
  /**
- * Rewrite image url to use with a proxy (HTTPS resource are ignored)
+ * Turns iframes' src attribute from http to https to prevent
+ * mixed active content
+ *
+ * @access public
+ * @param string $tag Tag name
+ * @param array $attribute Atttributes name
+ * @param string $value Attribute value
+ * @return boolean
+ */
+ public function secureIframeSrc($tag, $attribute, &$value)
+ {
+ if ($tag === 'iframe' && $attribute === 'src' && strpos($value, 'http://') === 0) {
+ $value = substr_replace($value, 's', 4, 0);
+ }
+
+ return true;
+ }
+
+ /**
+ * Rewrite image url to use with a proxy
  *
  * @access public
  * @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
  * @return boolean
  */
  public function rewriteImageProxyUrl($tag, $attribute, &$value)
  {
- if ($tag === 'img' && $attribute === 'src' && strpos($value, 'http:') === 0) {
+ if ($tag === 'img' && $attribute === 'src'
+ && ! ($this->image_proxy_limit_protocol !== '' && stripos($value, $this->image_proxy_limit_protocol.':') !== 0)) {
  if ($this->image_proxy_url) {
  $value = sprintf($this->image_proxy_url, rawurlencode($value));
@@ -404,8 +433,8 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param string $attribute Atttribute name
- * @param string $value Atttribute value
+ * @param string $attribute Attribute name
+ * @param string $value Attribute value
  * @return boolean
  */
  public function filterProtocolUrlAttribute($tag, $attribute, $value)
@@ -422,7 +451,7 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param array $attributes Atttributes list
+ * @param array $attributes Attributes list
  * @return array
  */
  public function addAttributes($tag, array $attributes)
@@ -439,7 +468,7 @@ class Attribute
  *
  * @access public
  * @param string $tag Tag name
- * @param array $attributes Atttributes list
+ * @param array $attributes Attributes list
  * @return boolean
  */
  public function hasRequiredAttributes($tag, array $attributes)
@@ -655,4 +684,17 @@ class Attribute
  $this->image_proxy_callback = $callback ?: $this->image_proxy_callback;
  return $this;
  }
+
+ /**
+ * Set image proxy protocol restriction
+ *
+ * @access public
+ * @param string $value
+ * @return Attribute
+ */
+ public function setImageProxyProtocol($value)
+ {
+ $this->image_proxy_limit_protocol = $value ?: $this->image_proxy_limit_protocol;
+ return $this;
+ }
 }
|