mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 02:30:57 +08:00
30990006a9
This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
# frozen_string_literal: true
require_dependency 'url_helper'
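# A row of the embeddable_hosts table: a host (optionally narrowed by the
# regular expression in +path_whitelist+) that url_allowed? will accept.
class EmbeddableHost < ActiveRecord::Base
  validate :host_must_be_valid
  belongs_to :category
  after_destroy :reset_embedding_settings

  # Reduce the entered value to a bare host[:port] before validating it:
  # drop a leading http(s):// and everything from the first slash on.
  before_validation do
    if host
      # Assign a fresh string instead of calling sub! on the attribute, so a
      # frozen value cannot raise. \A pins the scheme to the very start of the
      # string; ^ would also match after an embedded newline.
      self.host = host.sub(%r{\Ahttps?://}, '').sub(%r{/.*$}, '')
    end
  end

  # Find the record that allows the given URL.
  #
  # @param uri [String, URI] the URL to look up; strings are escaped with
  #   UrlHelper.escape_uri and parsed
  # @return [EmbeddableHost, false, nil] the matching record; false when the
  #   URL cannot be parsed or has no host; nil when no record matches
  def self.record_for_url(uri)
    if uri.is_a?(String)
      uri = begin
        URI(UrlHelper.escape_uri(uri))
      rescue URI::Error
        nil
      end
    end

    return false unless uri.present?
    return false unless uri.host.present?

    # uri.host and uri.path return the URI's own strings, so appending with <<
    # would change the caller's URI (and append the port again on a second
    # call). Build new strings instead. The query compares against
    # lower(host), so the looked-up value is lower-cased as well.
    host = uri.host.downcase
    host = "#{host}:#{uri.port}" if uri.port.present? && uri.port != 80 && uri.port != 443

    path = uri.path.to_s
    path = "#{path}?#{uri.query}" if uri.query.present?

    where("lower(host) = ?", host).each do |eh|
      return eh if eh.path_whitelist.blank?

      # path_whitelist is compiled as-is and matched unanchored, so a pattern
      # matches anywhere in path + query unless it carries its own \A / \z.
      # A stored value that is not a valid regexp is skipped (no match)
      # rather than raising out of the lookup.
      path_regexp = begin
        Regexp.new(eh.path_whitelist)
      rescue RegexpError
        next
      end

      # NOTE(review): URI.unescape is obsolete and was removed in Ruby 3.0;
      # it needs a replacement before the runtime is upgraded.
      return eh if path_regexp.match(path) || path_regexp.match(URI.unescape(path))
    end

    nil
  end

  # Whether the given URL (e.g. a referer) is the forum itself or belongs to a
  # configured embeddable host.
  #
  # @param url [String, nil]
  # @return [Boolean]
  def self.url_allowed?(url)
    return false if url.blank?

    # Work around IFRAME reload on WebKit where the referer will be set to the Forum URL.
    # A bare prefix test would also accept a URL whose host merely begins with
    # the forum's host, so the match has to end at a URL boundary.
    base = Discourse.base_url
    if url.start_with?(base)
      rest = url[base.length..-1]
      return true if rest.empty? || rest.start_with?('/', '?', '#')
    end

    uri = begin
      URI(UrlHelper.escape_uri(url))
    rescue URI::Error
      nil
    end

    uri.present? && record_for_url(uri).present?
  end

  private

  # After a destroy, if no EmbeddableHost rows remain, set every setting listed
  # in Embedding.settings back to its SiteSetting default.
  def reset_embedding_settings
    return if EmbeddableHost.exists?

    Embedding.settings.each { |s| SiteSetting.set(s.to_s, SiteSetting.defaults[s]) }
  end

  # Validation: host must look like a domain name, a dotted-quad address or
  # (sub.)localhost, each optionally followed by :port and a path.
  # The patterns end in \z, not \Z, because \Z would still accept a value with
  # a trailing newline.
  def host_must_be_valid
    return if host =~ /\A[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,10}(:[0-9]{1,5})?(\/.*)?\z/i
    return if host =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(:[0-9]{1,5})?(\/.*)?\z/
    return if host =~ /\A([a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.)?localhost(\:[0-9]{1,5})?(\/.*)?\z/i

    errors.add(:host, I18n.t('errors.messages.invalid'))
  end
end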
# == Schema Information
#
# Table name: embeddable_hosts
#
# id :integer not null, primary key
# host :string not null
# category_id :integer not null
# created_at :datetime not null
# updated_at :datetime not null
# path_whitelist :string
# class_name :string
#