Issue 13819: Ensure to not use OEmbed if not wanted

diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index 877e3e2..c75634a 100644 (file)
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -1788,7 +1788,7 @@ class BBCode
                                $text = self::normalizeVideoLinks($text);
 
                                // Youtube extensions
-                               if ($try_oembed) {
+                               if ($try_oembed && OEmbed::isAllowedURL('https://www.youtube.com')) {
                                        $text = preg_replace("/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", '<iframe width="' . $a->getThemeInfoValue('videowidth') . '" height="' . $a->getThemeInfoValue('videoheight') . '" src="https://www.youtube.com/embed/$1" frameborder="0" ></iframe>', $text);
                                } else {
                                        $text = preg_replace(
@@ -1799,7 +1799,7 @@ class BBCode
                                }
 
                                // Vimeo extensions
-                               if ($try_oembed) {
+                               if ($try_oembed && OEmbed::isAllowedURL('https://vimeo.com')) {
                                        $text = preg_replace("/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", '<iframe width="' . $a->getThemeInfoValue('videowidth') . '" height="' . $a->getThemeInfoValue('videoheight') . '" src="https://player.vimeo.com/video/$1" frameborder="0" ></iframe>', $text);
                                } else {
                                        $text = preg_replace(
@@ -2057,10 +2057,7 @@ class BBCode
                );
 
                // Default iframe allowed domains/path
-               $allowedIframeDomains = [
-                       'www.youtube.com/embed/',
-                       'player.vimeo.com/video/',
-               ];
+               $allowedIframeDomains = DI::config()->get('system', 'no_oembed_rich_content') ? [] : ['www.youtube.com/embed/', 'player.vimeo.com/video/'];
 
                $allowedIframeDomains = array_merge(
                        $allowedIframeDomains,

diff --git a/static/defaults.config.php b/static/defaults.config.php
index 7439c7f..8a13c61 100644 (file)
--- a/static/defaults.config.php
+++ b/static/defaults.config.php
@@ -429,10 +429,6 @@ return [
                // Don't do count calculations (currently only when showing photo albums).
                'no_count' => false,
 
-               // no_oembed (Boolean)
-               // Don't use OEmbed to fetch more information about a link.
-               'no_oembed' => false,
-
                // no_redirect_list (Array)
                // List of domains where HTTP redirects should be ignored.
                'no_redirect_list' => [],

diff --git a/tests/src/Content/Text/BBCodeTest.php b/tests/src/Content/Text/BBCodeTest.php
index 9078293..d3b05fb 100644 (file)
--- a/tests/src/Content/Text/BBCodeTest.php
+++ b/tests/src/Content/Text/BBCodeTest.php
@@ -35,7 +35,6 @@ class BBCodeTest extends FixtureTest
        {
                parent::setUp();
                DI::config()->set('system', 'remove_multiplicated_lines', false);
-               DI::config()->set('system', 'no_oembed', false);
                DI::config()->set('system', 'allowed_link_protocols', []);
                DI::config()->set('system', 'url', 'https://friendica.local');
                DI::config()->set('system', 'no_smilies', false);