adding support for whitelist of remote hostnames, #84

2025-09-02 04:02:34 +02:00 · 2015-03-04 11:29:10 +01:00
parent 160b426468
commit f37189c378
8 changed files with 559 additions and 18 deletions
--- a/webroot/img_config.php
+++ b/webroot/img_config.php
@@ -61,15 +61,32 @@ return array(


    /**
-     * Allow or disallow downloading of remote files, images available on
-     * some remote server. Default is to disallow.
+     * Allow or disallow downloading of remote images available on
+     * remote servers. Default is to disallow remote download. 
+     * 
+     * When enabling remote download, the default is to allow download any
+     * link starting with http or https. This can be changed using 
+     * remote_pattern. 
+     *
+     * When enabling remote_whitelist a check is made that the hostname of the 
+     * source to download matches the whitelist. By default the check is 
+     * disabled and thereby allowing download from any hosts.
     *
     * Default values.
-     *  remote_allow:    false
-     *  remote_pattern:  null  // use default values from CImage
+     *  remote_allow:     false
+     *  remote_pattern:   null  // use default values from CImage which is to
+     *                          // allow download from any http- and 
+     *                          // https-source.
+     *  remote_whitelist: null  // use default values from CImage which is to 
+     *                          // allow download from any hosts.
     */
-    //'remote_allow'    => true,
-    //'remote_pattern'  => '#^https?://#',
+    //'remote_allow'     => true,
+    //'remote_pattern'   => '#^https?://#',
+    //'remote_whitelist' => array(
+    //    '\.facebook\.com$',
+    //    '^(?:images|photos-[a-z])\.ak\.instagram\.com$',
+    //    '\.google\.com$'
+    //),