Андрей (andy) wrote in changelog,
Андрей
andy
changelog

[ljcom] r9953: LJINT-362 (Comments for side projects)

Committer: ailyin
LJINT-362 (Comments for side projects)
U   trunk/cgi-bin/LJ/PartnerSite.pm
Modified: trunk/cgi-bin/LJ/PartnerSite.pm
===================================================================
--- trunk/cgi-bin/LJ/PartnerSite.pm	2011-01-27 10:30:34 UTC (rev 9952)
+++ trunk/cgi-bin/LJ/PartnerSite.pm	2011-01-27 12:08:04 UTC (rev 9953)
@@ -155,8 +155,8 @@
 
 =item *
 
-xdreceiver_url: the URL of a page on the partner's site, to provide a
-cross-domain communication channel
+xdreceiver_path: the path, relative to the domain, of a page on the
+partner's site, to provide a cross-domain communication channel
 
 =item *
 
@@ -195,7 +195,7 @@
 
 __PACKAGE__->mk_accessors qw( id name journal_username journalid journal
                               api_key domain link_pattern custom_css_url
-                              xdreceiver_url rate_limits encoding
+                              xdreceiver_path rate_limits encoding
                               mapping_locked disabled dochash_salt
                               sync_comments_count_url_pattern );
 
@@ -494,6 +494,32 @@
 
 =item *
 
+$partner->xdreceiver_url($domain): return the absolute URL of the xdreceiver
+page on the specified domain.
+
+=cut
+
+sub xdreceiver_url {
+    my ( $self, $domain ) = @_;
+    return 'http://' . $domain . $self->xdreceiver_path;
+}
+
+=item *
+
+$partner->is_domain_trusted($domain): return a boolean value indicating
+if the provided domain belongs to the partner.
+
+=cut
+
+sub is_domain_trusted {
+    my ( $self, $domain ) = @_;
+
+    my $self_domain = $self->domain;
+    return ( $domain =~ /^(?:.*\.)?\Q$self_domain\E$/ ) ? 1 : 0;
+}
+
+=item *
+
 $partner->domain_check_js({ %opts }): return a blob of code that
 checks the domain it's executed on, as a security measure.
 
@@ -514,30 +540,14 @@
     my $domains_out = LJ::JSON->to_json([ $self->domain ]);
 
     if ( $opts->{'mode'} eq 'logcom' ) {
+        my $uri
+            = URI->new( $self->xdreceiver_url( $opts->{'partner_domain'} ) );
+        $uri->query_form( $uri->query_form, 'mode' => 'check_domain' );
+
+        my $url = $uri->as_string;
+
         return qq[
-            <script type="text/javascript">
-            var trustedDomains = $domains_out;
-                
-            var domainMatch = checkDomain(top.window.location.href, trustedDomains);
-    
-            if (!domainMatch) {
-                window.location.href = 'about:blank';
-            }
-    
-            function checkDomain(href, trustedDomains) {
-                var currentDomain = href.match(] .q{/(http\:\/\/)([^\/]*)/} . qq[)[2].split('.').slice(-2).join('.'),
-					currentRegExp = new RegExp(currentDomain.replace('.', '\\\\.') + '\$');
-                
-                for (var i = 0, l = trustedDomains.length; i < l; i++) {
-                    if (trustedDomains[i].search(currentRegExp) != -1) {
-                        return true;
-                    }
-                }
-                
-                return false;
-            }
-			
-            </script>
+            <iframe src="$url"></iframe>
         ];
     } elsif ( $opts->{'mode'} eq 'jsonp' ) {
         my $code = $opts->{'code'};

Tags: andy, ljcom, pm
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments