github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-04 13:04:40 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: don't onebox to IP addresses

Browse Source
This commit is contained in:
Régis Hanol 2017-01-12 22:35:33 +01:00
parent d20cbfb2b3
commit 9f3c38832e
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/onebox/engine/whitelisted_generic_onebox.rb
View File

@ -1,10 +1,12 @@
require "ipaddr"
module Onebox module Onebox
module Engine module Engine
class WhitelistedGenericOnebox class WhitelistedGenericOnebox
# overwrite the whitelist # overwrite the whitelist
def self.===(other) def self.===(other)
true other.is_a?(URI) ? (IPAddr.new(other.hostname) rescue nil).nil? : true
end end
# ensure we're the last engine to be used # ensure we're the last engine to be used

18
spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb Normal file
View File

@ -0,0 +1,18 @@
require 'rails_helper'
describe Onebox::Engine::WhitelistedGenericOnebox do
describe ".===" do
it "matches any domain" do
expect(described_class === URI('http://foo.bar/resource')).to be(true)
end
it "doesn't match an IP address" do
expect(described_class === URI('http://1.2.3.4/resource')).to be(false)
expect(described_class === URI('http://1.2.3.4:1234/resource')).to be(false)
end
end
end