diff options
Diffstat (limited to 'vendor/fguillot/picofeed/lib/PicoFeed/Filter')
-rw-r--r-- | vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php | 84 | ||||
-rw-r--r-- | vendor/fguillot/picofeed/lib/PicoFeed/Filter/Html.php | 5 |
2 files changed, 66 insertions, 23 deletions
diff --git a/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php b/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php index 02126d208..e8012dd98 100644 --- a/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php +++ b/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Attribute.php @@ -2,7 +2,7 @@ namespace PicoFeed\Filter; -use \PicoFeed\Client\Url; +use PicoFeed\Client\Url; /** * Attribute Filter class @@ -29,6 +29,14 @@ class Attribute private $image_proxy_callback = null; /** + * limits the image proxy usage to this protocol + * + * @access private + * @var string + */ + private $image_proxy_limit_protocol = ''; + + /** * Tags and attribute whitelist * * @access private @@ -225,6 +233,7 @@ class Attribute 'filterBlacklistResourceAttribute', 'filterProtocolUrlAttribute', 'rewriteImageProxyUrl', + 'secureIframeSrc', ); /** @@ -273,8 +282,8 @@ class Attribute * * @access public * @param string $tag Tag name - * @param string $attribute Atttribute name - * @param string $value Atttribute value + * @param string $attribute Attribute name + * @param string $value Attribute value * @return boolean */ public function filterEmptyAttribute($tag, $attribute, $value) @@ -287,8 +296,8 @@ class Attribute * * @access public * @param string $tag Tag name - * @param string $attribute Atttribute name - * @param string $value Atttribute value + * @param string $attribute Attribute name + * @param string $value Attribute value * @return boolean */ public function filterAllowedAttribute($tag, $attribute, $value) @@ -301,8 +310,8 @@ class Attribute * * @access public * @param string $tag Tag name - * @param string $attribute Atttribute name - * @param string $value Atttribute value + * @param string $attribute Attribute name + * @param string $value Attribute value * @return boolean */ public function filterIntegerAttribute($tag, $attribute, $value) @@ -319,8 +328,8 @@ class Attribute * * @access public * @param string $tag Tag name - * @param string $attribute Atttribute name - * @param string $value Atttribute value + * @param string $attribute Attribute name + * @param string $value Attribute value * @return boolean */ public function filterIframeAttribute($tag, $attribute, $value) @@ -344,8 +353,8 @@ class Attribute * * @access public * @param string $tag Tag name - * @param string $attribute Atttribute name - * @param string $value Atttribute value + * @param string $attribute Attribute name + * @param string $value Attribute value * @return boolean */ public function filterBlacklistResourceAttribute($tag, $attribute, $value) @@ -362,8 +371,8 @@ class Attribute * * @access public * @param string $tag Tag name - * @param string $attribute Atttribute name - * @param string $value Atttribute value + * @param string $attribute Attribute name + * @param string $value Attribute value * @return boolean */ public function rewriteAbsoluteUrl($tag, $attribute, &$value) @@ -376,17 +385,37 @@ class Attribute } /** - * Rewrite image url to use with a proxy (HTTPS resource are ignored) + * Turns iframes' src attribute from http to https to prevent + * mixed active content + * + * @access public + * @param string $tag Tag name + * @param array $attribute Atttributes name + * @param string $value Attribute value + * @return boolean + */ + public function secureIframeSrc($tag, $attribute, &$value) + { + if ($tag === 'iframe' && $attribute === 'src' && strpos($value, 'http://') === 0) { + $value = substr_replace($value, 's', 4, 0); + } + + return true; + } + + /** + * Rewrite image url to use with a proxy * * @access public * @param string $tag Tag name - * @param string $attribute Atttribute name - * @param string $value Atttribute value + * @param string $attribute Attribute name + * @param string $value Attribute value * @return boolean */ public function rewriteImageProxyUrl($tag, $attribute, &$value) { - if ($tag === 'img' && $attribute === 'src' && strpos($value, 'http:') === 0) { + if ($tag === 'img' && $attribute === 'src' + && ! ($this->image_proxy_limit_protocol !== '' && stripos($value, $this->image_proxy_limit_protocol.':') !== 0)) { if ($this->image_proxy_url) { $value = sprintf($this->image_proxy_url, rawurlencode($value)); @@ -404,8 +433,8 @@ class Attribute * * @access public * @param string $tag Tag name - * @param string $attribute Atttribute name - * @param string $value Atttribute value + * @param string $attribute Attribute name + * @param string $value Attribute value * @return boolean */ public function filterProtocolUrlAttribute($tag, $attribute, $value) @@ -422,7 +451,7 @@ class Attribute * * @access public * @param string $tag Tag name - * @param array $attributes Atttributes list + * @param array $attributes Attributes list * @return array */ public function addAttributes($tag, array $attributes) @@ -439,7 +468,7 @@ class Attribute * * @access public * @param string $tag Tag name - * @param array $attributes Atttributes list + * @param array $attributes Attributes list * @return boolean */ public function hasRequiredAttributes($tag, array $attributes) @@ -655,4 +684,17 @@ class Attribute $this->image_proxy_callback = $callback ?: $this->image_proxy_callback; return $this; } + + /** + * Set image proxy protocol restriction + * + * @access public + * @param string $value + * @return Attribute + */ + public function setImageProxyProtocol($value) + { + $this->image_proxy_limit_protocol = $value ?: $this->image_proxy_limit_protocol; + return $this; + } } diff --git a/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Html.php b/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Html.php index 7abd740b1..7d6880c69 100644 --- a/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Html.php +++ b/vendor/fguillot/picofeed/lib/PicoFeed/Filter/Html.php @@ -2,8 +2,8 @@ namespace PicoFeed\Filter; -use \PicoFeed\Client\Url; -use \PicoFeed\Parser\XmlParser; +use PicoFeed\Client\Url; +use PicoFeed\Parser\XmlParser; /** * HTML Filter class @@ -98,6 +98,7 @@ class Html if ($this->config !== null) { $this->attribute->setImageProxyCallback($this->config->getFilterImageProxyCallback()); $this->attribute->setImageProxyUrl($this->config->getFilterImageProxyUrl()); + $this->attribute->setImageProxyProtocol($this->config->getFilterImageProxyProtocol()); $this->attribute->setIframeWhitelist($this->config->getFilterIframeWhitelist(array())); $this->attribute->setIntegerAttributes($this->config->getFilterIntegerAttributes(array())); $this->attribute->setAttributeOverrides($this->config->getFilterAttributeOverrides(array())); |