From d15f0349bf1671d3b3704f728372b7fb3f4045bd Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Wed, 27 Nov 2019 11:52:51 +0300
Subject: [PATCH] remove hardcoded iframe domain whitelist, make iframe script
 whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)

---
 classes/pluginhost.php | 1 +
 include/functions.php  | 6 ++----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index ac782e699..6158880f2 100755
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -61,6 +61,7 @@ class PluginHost {
 	const HOOK_GET_FULL_TEXT = 41;
 	const HOOK_ARTICLE_IMAGE = 42;
 	const HOOK_FEED_TREE = 43;
+	const HOOK_IFRAME_WHITELISTED = 44;
 
 	const KIND_ALL = 1;
 	const KIND_SYSTEM = 2;
diff --git a/include/functions.php b/include/functions.php
index c152454b9..0f5464990 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1250,13 +1250,11 @@
 	}
 
 	function iframe_whitelisted($entry) {
-		$whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com");
-
 		@$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
 
 		if ($src) {
-			foreach ($whitelist as $w) {
-				if ($src == $w || $src == "www.$w")
+			foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) {
+				if ($plugin->hook_iframe_whitelisted($src))
 					return true;
 			}
 		}