friendica/src/Object/OEmbed.php

<?php

namespace Friendica\Object;

/**
 * OEmbed data object
 *
 * @see https://oembed.com/#section2.3
 *
 * @author Hypolite Petovan <hypolite@mrpetovan.com>
 */
class OEmbed
{
	public $embed_url        = '';

	public $type             = '';
	public $title            = '';
	public $author_name      = '';
	public $author_url       = '';
	public $provider_name    = '';
	public $provider_url     = '';
	public $cache_age        = '';
	public $thumbnail_url    = '';
	public $thumbnail_width  = '';
	public $thumbnail_height = '';
	public $html             = '';
	public $url              = '';
	public $width            = '';
	public $height           = '';

	public function __construct($embed_url)
	{
		$this->embed_url = $embed_url;
	}

	public function parseJSON($json_string)
	{
		$properties = json_decode($json_string, true);

		if (empty($properties)) {
			return;
		}

		foreach ($properties as $key => $value) {
			if (in_array($key, ['thumbnail_width', 'thumbnail_height', 'width', 'height'])) {
				// These values should be numbers, so ensure that they really are numbers.
				$value = (int)$value;
			} elseif (is_array($value)) {
				// Ignoring arrays.
			} elseif ($key != 'html') {
				// Avoid being able to inject some ugly stuff through these fields.
				$value = htmlentities($value);
			} else {
				/// @todo Add a way to sanitize the html as well, possibly with an <iframe>?
				$value = mb_convert_encoding($value, 'HTML-ENTITIES', mb_detect_encoding($value));
			}

			if (property_exists(__CLASS__, $key)) {
				$this->{$key} = $value;
			}
		}
	}
}
Fix undefined oembed properties - Add Object\OEmbed class 2018-07-22 13:01:53 -04:00			`<?php`

			`namespace Friendica\Object;`

			`/**`
			`* OEmbed data object`
			`*`
			`* @see https://oembed.com/#section2.3`
			`*`
Update "mrpetovan" email address - Fix Tobias' email address - Fix copypasted doc block in Console/PostUpdate 2018-09-15 19:28:38 -04:00			`* @author Hypolite Petovan <hypolite@mrpetovan.com>`
Fix undefined oembed properties - Add Object\OEmbed class 2018-07-22 13:01:53 -04:00			`*/`
			`class OEmbed`
			`{`
			`public $embed_url = '';`

			`public $type = '';`
			`public $title = '';`
			`public $author_name = '';`
			`public $author_url = '';`
			`public $provider_name = '';`
			`public $provider_url = '';`
			`public $cache_age = '';`
			`public $thumbnail_url = '';`
			`public $thumbnail_width = '';`
			`public $thumbnail_height = '';`
			`public $html = '';`
			`public $url = '';`
			`public $width = '';`
			`public $height = '';`

			`public function __construct($embed_url)`
			`{`
			`$this->embed_url = $embed_url;`
			`}`

			`public function parseJSON($json_string)`
			`{`
			`$properties = json_decode($json_string, true);`

			`if (empty($properties)) {`
			`return;`
			`}`

			`foreach ($properties as $key => $value) {`
Sanitize the OEmbed data before processing it 2018-11-21 02:07:24 -05:00			`if (in_array($key, ['thumbnail_width', 'thumbnail_height', 'width', 'height'])) {`
			`// These values should be numbers, so ensure that they really are numbers.`
			`$value = (int)$value;`
Ignoring OEmbed array values 2018-12-02 16:36:46 -05:00			`} elseif (is_array($value)) {`
			`// Ignoring arrays.`
Sanitize the OEmbed data before processing it 2018-11-21 02:07:24 -05:00			`} elseif ($key != 'html') {`
			`// Avoid being able to inject some ugly stuff through these fields.`
			`$value = htmlentities($value);`
			`} else {`
			`/// @todo Add a way to sanitize the html as well, possibly with an <iframe>?`
			`$value = mb_convert_encoding($value, 'HTML-ENTITIES', mb_detect_encoding($value));`
			`}`

Fix undefined oembed properties - Add Object\OEmbed class 2018-07-22 13:01:53 -04:00			`if (property_exists(__CLASS__, $key)) {`
			`$this->{$key} = $value;`
			`}`
			`}`
			`}`
			`}`