From a47ca6f866aafaed441074b0879f2fa7a632a3d9 Mon Sep 17 00:00:00 2001 From: Alexey <34516115+siniakinaa@users.noreply.github.com> Date: Thu, 5 Dec 2024 19:42:36 +0300 Subject: [PATCH 1/3] tests: add more test URLs (#568) * test: add some urls to players.brightcove.net * simplecast.com: add more test urls --- .../domains/brightcove.com/players.brightcove.net.js | 11 ++++++++--- plugins/domains/simplecast.com.js | 7 ++++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/plugins/domains/brightcove.com/players.brightcove.net.js b/plugins/domains/brightcove.com/players.brightcove.net.js index 5d9efb128..8c405bfc6 100644 --- a/plugins/domains/brightcove.com/players.brightcove.net.js +++ b/plugins/domains/brightcove.com/players.brightcove.net.js @@ -82,8 +82,13 @@ export default { }, tests: [{skipMixins:['oembed-error']}, - "http://players.brightcove.net/pages/v1/index.html?accountId=5660549837001&playerId=default&videoId=6303785895001&mode=iframe" - // But sometimes thumbnail aspect is actually incorrect while oembed default is correct: - // https://players.brightcove.net/5132998173001/default_default/index.html?videoId=5795255604001 + "http://players.brightcove.net/pages/v1/index.html?accountId=5660549837001&playerId=default&videoId=6303785895001&mode=iframe", + "https://players.brightcove.net/18140073001/65fa926a-0fe0-4031-8cbf-9db35cecf64a_default/index.html?videoId=6364938310112", + "https://players.brightcove.net/18140073001/default_default/index.html?videoId=6364938310112", + "https://players.brightcove.net/77374810001/o4XU32Njq_default/index.html?videoId=5489016803001", + + // But sometimes thumbnail aspect is actually incorrect while oembed default is correct (1920x1061): + "https://players.brightcove.net/665003303001/6tKQRAx7lu_default/index.html?videoId=6360308130112", + "https://players.brightcove.net/665003303001/default_default/index.html?videoId=6360308130112" ] }; \ No newline at end of file 
diff --git a/plugins/domains/simplecast.com.js b/plugins/domains/simplecast.com.js index 736b74fb2..8feda22a0 100644 --- a/plugins/domains/simplecast.com.js +++ b/plugins/domains/simplecast.com.js @@ -39,7 +39,12 @@ export default { }, tests: [ - "https://tgd.simplecast.com/episodes/dan-blackman-and-robyn-kanner-the-power-7fe152f4" + "https://tgd.simplecast.com/episodes/dan-blackman-and-robyn-kanner-the-power-7fe152f4", + "https://i4ctrouble.simplecast.com/episodes/ep-168-a-goodbye-for-now-cZRPJJkH", + "https://web3-with-a16z.simplecast.com/episodes/prediction-markets-information-aggregation-mechanisms", + "https://a-satellite-view.simplecast.com/episodes/theyre-off-to-a-cataclysmically-bad-start-for-all-the-world-to-see", + "https://the-smerconish-podcast.simplecast.com/episodes/todays-poll-question-should-joe-have-pardoned-hunter", + /* http://bikeshed.fm/54 http://bikeshed.fm/57 From 6a0a789e09c047d37e9c80d9c55685ee183e2ab0 Mon Sep 17 00:00:00 2001 From: Ivan Paramonau Date: Mon, 9 Dec 2024 10:52:48 -0500 Subject: [PATCH 2/3] api: block local file paths --- modules/api/views.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/api/views.js b/modules/api/views.js index c17334a6f..4669aab12 100644 --- a/modules/api/views.js +++ b/modules/api/views.js @@ -106,6 +106,11 @@ function processInitialErrors(uri, next) { next(new utils.HttpError(400, "local domains not supported")); return true; } + + if (/^(https?:\/\/)?\./i.test(uri)) { + next(new utils.HttpError(400, "file paths are not accepted")); + return true; + } } export default function(app) { From 3287b6f2ff57d9d69c61861a5d1cdbf5304de21d Mon Sep 17 00:00:00 2001 From: Ivan Paramonau Date: Mon, 9 Dec 2024 10:55:55 -0500 Subject: [PATCH 3/3] api: block more of the local file paths --- modules/api/views.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/api/views.js b/modules/api/views.js index 4669aab12..f0c71d8b8 100644 --- a/modules/api/views.js +++ b/modules/api/views.js 
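Review bot: The check added to processInitialErrors in PATCH 2/3 is a denylist on the first character after the optional scheme, so it rejects only input beginning with `.` (the views.js hunk in PATCH 3/3 extends the same pattern to `/` and `~`). Input with leading whitespace, a leading backslash, or a scheme other than http(s) does not match and continues to whatever consumes `uri` next. Whether those forms can reach this point depends on normalisation outside the hunk, which is not visible here, but a positive check on the host part would not rely on enumerating prefixes. At minimum I would state the intent above the test, e.g. `// uri must be an http(s) URL or bare domain; reject anything that looks like a filesystem path`, and add a regression test for the rejected forms. The function starts before and ends after this hunk.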
@@ -107,7 +107,7 @@ function processInitialErrors(uri, next) { return true; } - if (/^(https?:\/\/)?\./i.test(uri)) { + if (/^(https?:\/\/)?(\.|\/|~)/i.test(uri)) { next(new utils.HttpError(400, "file paths are not accepted")); return true; }
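Review bot: The widened pattern also matches scheme-relative input such as `//example.com/clip` (constructed example), which now gets a 400 with the message "file paths are not accepted". Whether such input was accepted before is not visible from this hunk, so it is worth confirming that the rejection is intended. If it is, a comment would make that explicit, e.g. `// rejects ./, /, ~ and //host forms; only http(s) URLs or bare domains are processed`. The alternation of single characters also reads more simply as a class: `/^(https?:\/\/)?[.\/~]/i`. processInitialErrors begins and ends outside the hunk.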