]> git.wh0rd.org - tt-rss.git/commitdiff
Merge branch 'master' of github.com:gothfox/Tiny-Tiny-RSS
authorAndrew Dolgov <noreply@fakecake.org>
Tue, 25 Nov 2014 10:48:07 +0000 (13:48 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Tue, 25 Nov 2014 10:48:07 +0000 (13:48 +0300)
classes/api.php
include/functions2.php

index 730e20ab923c31250b031b43e9da1dff7efb0b97..b9b1a7aa3cd4885a87c016b296349db0a7fc454d 100644 (file)
@@ -2,7 +2,7 @@
 
 class API extends Handler {
 
-       const API_LEVEL  = 9;
+       const API_LEVEL  = 10;
 
        const STATUS_OK  = 0;
        const STATUS_ERR = 1;
@@ -201,6 +201,9 @@ class API extends Handler {
                        $sanitize_content = !isset($_REQUEST["sanitize"]) ||
                                sql_bool_to_bool($_REQUEST["sanitize"]);
                        $force_update = sql_bool_to_bool($_REQUEST["force_update"]);
+                       $has_sandbox = sql_bool_to_bool($_REQUEST["has_sandbox"]);
+
+                       $_SESSION['hasSandbox'] = $has_sandbox;
 
                        $override_order = false;
                        switch ($_REQUEST["order_by"]) {
index 672373e6dddf4fe2b36701c25638ebf8764d3277..866c92ec90b0a3931d753c33ebbdc7b4a70be86e 100644 (file)
 
        }
 
+       function iframe_whitelisted($entry) {
+               $whitelist = array("youtube.com", "youtu.be", "vimeo.com");
+
+               @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
+
+               if ($src) {
+                       foreach ($whitelist as $w) {
+                               if ($src == $w || $src == "www.$w")
+                                       return true;
+                       }
+               }
+
+               return false;
+       }
+
        function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
                if (!$owner) $owner = $_SESSION["uid"];
 
 
                $entries = $xpath->query('//iframe');
                foreach ($entries as $entry) {
-                       $entry->setAttribute('sandbox', 'allow-scripts');
+                       if (!iframe_whitelisted($entry)) {
+                               $entry->setAttribute('sandbox', 'allow-scripts');
+                       }
 
                }