discourse/app/models/embeddable_host.rb

70 lines
1.8 KiB
Ruby
Raw Normal View History

require_dependency 'url_helper'
class EmbeddableHost < ActiveRecord::Base
validate :host_must_be_valid
belongs_to :category
before_validation do
self.host.sub!(/^https?:\/\//, '')
self.host.sub!(/\/.*$/, '')
end
def self.record_for_url(uri)
if uri.is_a?(String)
uri = URI(UrlHelper.escape_uri(uri)) rescue nil
end
return false unless uri.present?
host = uri.host
return false unless host.present?
if uri.port.present? && uri.port != 80 && uri.port != 443
host << ":#{uri.port}"
end
path = uri.path
path << "?" << uri.query if uri.query.present?
where("lower(host) = ?", host).each do |eh|
return eh if eh.path_whitelist.blank?
path_regexp = Regexp.new(eh.path_whitelist)
return eh if path_regexp.match(path) || path_regexp.match(URI.unescape(path))
end
nil
end
def self.url_allowed?(url)
# Work around IFRAME reload on WebKit where the referer will be set to the Forum URL
return true if url&.starts_with?(Discourse.base_url)
uri = URI(UrlHelper.escape_uri(url)) rescue nil
uri.present? && record_for_url(uri).present?
end
private
def host_must_be_valid
if host !~ /\A[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,10}(:[0-9]{1,5})?(\/.*)?\Z/i &&
2017-03-15 17:16:34 -04:00
host !~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(:[0-9]{1,5})?(\/.*)?\Z/ &&
host !~ /\A([a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.)?localhost(\:[0-9]{1,5})?(\/.*)?\Z/i
errors.add(:host, I18n.t('errors.messages.invalid'))
end
end
end
2015-09-17 20:41:10 -04:00
# == Schema Information
#
# Table name: embeddable_hosts
#
2016-10-31 05:32:11 -04:00
# id :integer not null, primary key
2017-12-05 10:29:14 -05:00
# host :string(255) not null
2016-10-31 05:32:11 -04:00
# category_id :integer not null
2017-12-05 10:29:14 -05:00
# created_at :datetime
# updated_at :datetime
2016-10-31 05:32:11 -04:00
# path_whitelist :string
2017-05-12 14:46:57 -04:00
# class_name :string
2015-09-17 20:41:10 -04:00
#