Merge pull request #3583 from Roardom/fix-image-whitelist

(Fix) Whitelisted image url domain matching

app/Helpers/Bbcode.php

@@ -13,7 +13,7 @@
 
 namespace App\Helpers;
 
-use App\Models\WhitelistedImageDomain;
+use App\Models\WhitelistedImageUrl;
 
 class Bbcode
 {
@@ -496,15 +496,16 @@ private function sanitizeUrl(string $url, ?bool $isImage = null): string
         }
 
         if ($isImage) {
-            $host = parse_url($url, PHP_URL_HOST);
+            $whitelistedImageUrls = cache()->rememberForever(
+                'whitelisted-image-urls',
+                fn () => WhitelistedImageUrl::query()->pluck('pattern'),
+            );
 
-            if (!\is_string($host)) {
-                return 'Broken link';
-            }
-
-            $whitelistedImageDomains = cache()->rememberForever('whitelisted-image-domains', fn () => WhitelistedImageDomain::query()->pluck('domain'));
+            $isWhitelisted = $whitelistedImageUrls->contains(function (string $pattern) use ($url) {
+                $pattern = str_replace('\*', '.*', preg_quote($pattern, '/'));
 
-            $isWhitelisted = $whitelistedImageDomains->firstWhere(fn ($domain) => str_ends_with($host, $domain)) !== null;
+                return preg_match('/^'.$pattern.'$/i', $url);
+            });
 
             if (!$isWhitelisted) {
                 $url = 'https://wsrv.nl/?url='.urlencode($url);

app/Http/Controllers/Staff/WhitelistedImageUrlController.php

@@ -0,0 +1,59 @@
+<?php
+/**
+ * NOTICE OF LICENSE.
+ *
+ * UNIT3D Community Edition is open-sourced software licensed under the GNU Affero General Public License v3.0
+ * The details is bundled with this project in the file LICENSE.txt.
+ *
+ * @project    UNIT3D Community Edition
+ *
+ * @author     Roardom <roardom@protonmail.com>
+ * @license    https://www.gnu.org/licenses/agpl-3.0.en.html/ GNU Affero General Public License v3.0
+ */
+
+namespace App\Http\Controllers\Staff;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Staff\StoreWhitelistedImageUrlRequest;
+use App\Http\Requests\Staff\UpdateWhitelistedImageUrlRequest;
+use App\Models\WhitelistedImageUrl;
+
+class WhitelistedImageUrlController extends Controller
+{
+    public function index(): \Illuminate\Contracts\View\Factory|\Illuminate\View\View
+    {
+        return view('Staff.whitelisted-image-url.index', [
+            'whitelistedImageUrls' => WhitelistedImageUrl::orderBy('pattern')->get(),
+        ]);
+    }
+
+    public function update(UpdateWhitelistedImageUrlRequest $request, WhitelistedImageUrl $whitelistedImageUrl): \Illuminate\Http\RedirectResponse
+    {
+        $whitelistedImageUrl->update($request->validated());
+
+        cache()->forget('whitelisted-image-urls');
+
+        return to_route('staff.whitelisted_image_urls.index')
+            ->withSuccess('Image url pattern updated successfully.');
+    }
+
+    public function store(StoreWhitelistedImageUrlRequest $request): \Illuminate\Http\RedirectResponse
+    {
+        WhitelistedImageUrl::create($request->validated());
+
+        cache()->forget('whitelisted-image-urls');
+
+        return to_route('staff.whitelisted_image_urls.index')
+            ->withSuccess('New image url pattern whitelisted.');
+    }
+
+    public function destroy(WhitelistedImageUrl $whitelistedImageUrl): \Illuminate\Http\RedirectResponse
+    {
+        $whitelistedImageUrl->delete();
+
+        cache()->forget('whitelisted-image-urls');
+
+        return to_route('staff.whitelisted_image_urls.index')
+            ->withSuccess('Image url pattern removed from whitelist.');
+    }
+}

app/Http/Requests/Staff/StoreWhitelistedImageDomainRequest.php → app/Http/Requests/Staff/StoreWhitelistedImageUrlRequest.php

@@ -15,7 +15,7 @@
 
 use Illuminate\Foundation\Http\FormRequest;
 
-class StoreWhitelistedImageDomainRequest extends FormRequest
+class StoreWhitelistedImageUrlRequest extends FormRequest
 {
     /**
      * Get the validation rules that apply to the request.
@@ -25,11 +25,11 @@ class StoreWhitelistedImageDomainRequest extends FormRequest
     public function rules(): array
     {
         return [
-            'domain' => [
+            'pattern' => [
                 'required',
                 'string',
                 'max:255',
-                'unique:whitelisted_image_domains',
+                'unique:whitelisted_image_urls',
             ],
         ];
     }

app/Http/Requests/Staff/UpdateWhitelistedImageDomainRequest.php → app/Http/Requests/Staff/UpdateWhitelistedImageUrlRequest.php

@@ -15,7 +15,7 @@
 
 use Illuminate\Foundation\Http\FormRequest;
 
-class UpdateWhitelistedImageDomainRequest extends FormRequest
+class UpdateWhitelistedImageUrlRequest extends FormRequest
 {
     /**
      * Get the validation rules that apply to the request.
@@ -25,11 +25,11 @@ class UpdateWhitelistedImageDomainRequest extends FormRequest
     public function rules(): array
     {
         return [
-            'domain' => [
+            'pattern' => [
                 'required',
                 'string',
                 'max:255',
-                'unique:whitelisted_image_domains',
+                'unique:whitelisted_image_urls',
             ],
         ];
     }

app/Models/WhitelistedImageDomain.php → app/Models/WhitelistedImageUrl.php

@@ -18,12 +18,12 @@
 use Illuminate\Database\Eloquent\Model;
 
 /**
- * App\Models\WhitelistedImageDomain.
+ * App\Models\WhitelistedImageUrl.
  *
  * @property int    $id
- * @property string $domain
+ * @property string $pattern
  */
-class WhitelistedImageDomain extends Model
+class WhitelistedImageUrl extends Model
 {
     use Auditable;
     use HasFactory;

database/migrations/2024_02_26_000850_create_whitelisted_image_domains.php

@@ -7,9 +7,9 @@
 return new class () extends Migration {
     public function up(): void
     {
-        Schema::create('whitelisted_image_domains', function (Blueprint $table): void {
+        Schema::create('whitelisted_image_urls', function (Blueprint $table): void {
             $table->increments('id');
-            $table->string('domain')->unique();
+            $table->string('pattern')->unique();
 
             $table->timestamps();
         });

resources/views/Staff/dashboard/index.blade.php

@@ -180,10 +180,10 @@ class="form__button form__button--text"
                 <p class="form__group form__group--horizontal">
                     <a
                         class="form__button form__button--text"
-                        href="{{ route('staff.whitelisted_image_domains.index') }}"
+                        href="{{ route('staff.whitelisted_image_urls.index') }}"
                     >
                         <i class="{{ config('other.font-awesome') }} fa-globe"></i>
-                        Whitelisted Image Domains
+                        Whitelisted Image URLs
                     </a>
                 </p>
                 <p class="form__group form__group--horizontal">