Merge pull request #9915 from MrPetovan/bug/9895-twitter-oembed
Harden OEmbed link discovery
This commit is contained in:
commit
fddac41f00
1 changed files with 16 additions and 18 deletions
|
@ -98,21 +98,23 @@ class OEmbed
|
||||||
// try oembed autodiscovery
|
// try oembed autodiscovery
|
||||||
$html_text = DI::httpRequest()->fetch($embedurl, 15, 'text/*');
|
$html_text = DI::httpRequest()->fetch($embedurl, 15, 'text/*');
|
||||||
if ($html_text) {
|
if ($html_text) {
|
||||||
$dom = @DOMDocument::loadHTML($html_text);
|
$dom = new DOMDocument();
|
||||||
if ($dom) {
|
if ($dom->loadHTML($html_text)) {
|
||||||
$xpath = new DOMXPath($dom);
|
$xpath = new DOMXPath($dom);
|
||||||
$entries = $xpath->query("//link[@type='application/json+oembed']");
|
foreach (
|
||||||
foreach ($entries as $e) {
|
$xpath->query("//link[@type='application/json+oembed'] | //link[@type='text/json+oembed']")
|
||||||
$href = $e->getAttributeNode('href')->nodeValue;
|
as $link)
|
||||||
$json_string = DI::httpRequest()->fetch($href . '&maxwidth=' . $a->videowidth);
|
{
|
||||||
break;
|
$href = $link->getAttributeNode('href')->nodeValue;
|
||||||
}
|
// Both Youtube and Vimeo output OEmbed endpoint URL with HTTP
|
||||||
|
// but their OEmbed endpoint is only accessible by HTTPS ¯\_(ツ)_/¯
|
||||||
$entries = $xpath->query("//link[@type='text/json+oembed']");
|
$href = str_replace(['http://www.youtube.com/', 'http://player.vimeo.com/'],
|
||||||
foreach ($entries as $e) {
|
['https://www.youtube.com/', 'https://player.vimeo.com/'], $href);
|
||||||
$href = $e->getAttributeNode('href')->nodeValue;
|
$result = DI::httpRequest()->fetchFull($href . '&maxwidth=' . $a->videowidth);
|
||||||
$json_string = DI::httpRequest()->fetch($href . '&maxwidth=' . $a->videowidth);
|
if ($result->getReturnCode() === 200) {
|
||||||
break;
|
$json_string = $result->getBody();
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -337,10 +339,6 @@ class OEmbed
|
||||||
|
|
||||||
public static function getHTML($url, $title = null)
|
public static function getHTML($url, $title = null)
|
||||||
{
|
{
|
||||||
// Always embed the SSL version
|
|
||||||
$url = str_replace(["http://www.youtube.com/", "http://player.vimeo.com/"],
|
|
||||||
["https://www.youtube.com/", "https://player.vimeo.com/"], $url);
|
|
||||||
|
|
||||||
$o = self::fetchURL($url, !self::isAllowedURL($url));
|
$o = self::fetchURL($url, !self::isAllowedURL($url));
|
||||||
|
|
||||||
if (!is_object($o) || property_exists($o, 'type') && $o->type == 'error') {
|
if (!is_object($o) || property_exists($o, 'type') && $o->type == 'error') {
|
||||||
|
|
Loading…
Reference in a new issue