some restructuring around oembed providers

app/models/status_message.rb

@@ -157,7 +157,7 @@ class StatusMessage < Post
   def contains_oembed_url_in_text?
     require 'uri'
     urls = URI.extract(self.raw_message, ['http', 'https'])
-    self.oembed_url = urls.find{|url| ENDPOINT_HOSTS_STRING.match(URI.parse(url).host)}
+    self.oembed_url = urls.find{ |url| !TRUSTED_OEMBED_PROVIDERS.find(url).nil? }
   end
 
   protected

config/initializers/oembed.rb

@@ -1,16 +1,20 @@
 require 'oembed'
 require 'uri'
 
-OEmbed::Providers.register_all
+OEmbedCubbies = OEmbed::Provider.new("http://cubbi.es/oembed")
+
+OEmbed::Providers.register(
+  OEmbed::Providers::Youtube,
+  OEmbed::Providers::Vimeo,
+  OEmbed::Providers::Flickr,
+  OEmbed::Providers::SoundCloud,
+  OEmbedCubbies
+)
 OEmbed::Providers.register_fallback(OEmbed::ProviderDiscovery)
+
 #
 # SECURITY NOTICE! CROSS-SITE SCRIPTING!
 # these endpoints may inject html code into our page
 # note that 'trusted_endpoint_url' is the only information
 # in OEmbed that we can trust. anything else may be spoofed!
-SECURE_ENDPOINTS = [::OEmbed::Providers::Youtube.endpoint,
+TRUSTED_OEMBED_PROVIDERS = OEmbed::Providers
-                    ::OEmbed::Providers::Flickr.endpoint,
-                    'http://soundcloud.com/oembed',
-                    'http://cubbi.es/oembed'
-                   ]
-ENDPOINT_HOSTS_STRING = SECURE_ENDPOINTS.map{|e| URI.parse(e.split('{')[0]).host}.to_s