Have to whitelist URLs you can fetch images from

bryanjamesmiller · Sep 19, 2018 · 9abb7c6 · 9abb7c6
1 parent 994743f
commit 9abb7c6
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/config/mail-auto-embed.php b/config/mail-auto-embed.php
@@ -25,4 +25,5 @@
 
     'method' => env('MAIL_AUTO_EMBED_METHOD', 'attachment'),
 
+    'whitelist' => explode(',', env('MAIL_AUTO_EMBED_WHITELIST', '')),
 ];
diff --git a/src/Embedder/AttachmentEmbedder.php b/src/Embedder/AttachmentEmbedder.php
@@ -48,7 +48,7 @@ public function fromUrl($url)
      */
     public function fromRemoteUrl($url)
     {
-        if (strpos($url, 'http') === 0) {
+        if (strpos($url, 'http') === 0 && $this->isUrlInWhitelist($url)) {
             $ch = curl_init($url);
             curl_setopt($ch, CURLOPT_HEADER, 0);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
@@ -91,4 +91,21 @@ protected function embed(Swift_EmbeddedFile $attachment)
     {
         return $this->message->embed($attachment);
     }
+
+
+    /**
+     * @param  string $url
+     * @return boolean
+     */
+    protected function isUrlInWhitelist($url)
+    {
+        $whitelisted_urls = config('mail-auto-embed.whitelist', []);
+        foreach($whitelisted_urls as $whitelist_url) {
+            if(strpos($url, $whitelist_url) === 0) {
+                return true;
+            }
+        }
+
+        return false;
+    }
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -25,4 +25,5 @@

		'method' => env('MAIL_AUTO_EMBED_METHOD', 'attachment'),

		'whitelist' => explode(',', env('MAIL_AUTO_EMBED_WHITELIST', '')),
		];