mahara-contributors team mailing list archive
Message #25604
[Bug 1286935] Re: Allowed iframe check doesn't handle URLs with a question mark immediately after the domain name
The problem here is when you first add an allowed iframe source to the
system it appends a / to the end of the URL - but it doesn't need to.
I've added a patch 4638 to deal with that.
To test:
1) Add hapyak.com to the allowed iframe sources
2) Add an externalmedia block to a page and add the iframe content from
above.
Before patch the iframe won't load content
3) Check out patch and delete the hapyak.com allowed iframe sources and
re-add it
Now the page should load the iframe content.
** Changed in: mahara/15.04
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1286935
Title:
Allowed iframe check doesn't handle URLs with a question mark
immediately after the domain name
Status in Mahara ePortfolio:
In Progress
Status in Mahara 1.10 series:
Confirmed
Status in Mahara 1.8 series:
Confirmed
Status in Mahara 1.9 series:
Confirmed
Status in Mahara 15.04 series:
In Progress
Bug description:
See https://mahara.org/interaction/forum/topic.php?id=6124
In the Mahara forums, a user reported this issue with an embed code
for hapyak.com. The full embed code:
<iframe
src="//hapyak.com?embed=true&edit=false&startInEditMode=false&track=15572&project=3162&key=2a69d0613a6a43b5a613&source=youtube&source_id=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DNWjso1EqSXc&controls=true&nativeControls=false&reset_variables=true&autoplay=false&aspect_ratio=1.3328"
class="hapyak-embed" marginwidth="0" marginheight="0"
allowfullscreen="" webkitallowfullscreen="" mozallowfullscreen=""
frameborder="no" height="699" scrolling="no" width="853"></iframe>
Note that the URL starts with "//hapyak.com?embed=true...". If you
change that to "//hapyak.com/?embed=true..." then it works. It looks
like the problem is that the regular expression we use to identify
iframes with a valid URL doesn't handle the scenario of a URL where
there's a query component but no path component. In other words, a "?"
immediately after the domain name.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1286935/+subscriptions
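The matching problem described above, as an added example that is not part of the original message and not Mahara's code: a stored source with a forced trailing "/" misses a "?" directly after the domain, while a check that requires a boundary character after the stored source accepts it without also accepting a longer host name. The function names and the sample URLs other than the two hapyak.com forms quoted in the bug description are assumptions made for the illustration.

```php
<?php
// Added example: a model of an allowed-iframe-source check, not Mahara's code.

// Behaviour described in the message: a "/" is appended to the stored source,
// so the src must contain a path component to match.
function match_with_forced_slash(string $src, string $source): bool {
    $prefix = preg_quote(rtrim(trim($source), '/') . '/', '%');
    return preg_match('%^(?:https?:)?//' . $prefix . '%i', $src) === 1;
}

// Store the source without the slash, then require that whatever follows it
// is "/", "?", "#" or the end of the string. The boundary is what keeps
// "hapyak.com" from also matching a different, longer host name.
function match_with_boundary(string $src, string $source): bool {
    $prefix = preg_quote(rtrim(trim($source), '/'), '%');
    if ($prefix === '') {
        return false; // an empty source must never allow everything
    }
    return preg_match('%^(?:https?:)?//' . $prefix . '(?:[/?#]|\z)%i', $src) === 1;
}

// Constructed sample src values; the first two are the forms from the bug description.
$samples = [
    '//hapyak.com?embed=true',               // query directly after the domain
    '//hapyak.com/?embed=true',              // same URL with a path component
    'https://hapyak.com',                    // bare host, nothing after it
    '//hapyak.com.example.net/?embed=true',  // different host sharing the prefix
];

foreach ($samples as $src) {
    printf(
        "%-40s forced-slash=%-3s boundary=%s\n",
        $src,
        match_with_forced_slash($src, 'hapyak.com') ? 'yes' : 'no',
        match_with_boundary($src, 'hapyak.com') ? 'yes' : 'no'
    );
}
```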