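/**
 * Render HTTP headers as HTML-escaped text, one header per line.
 *
 * With a site in the route (route_matches[1]), the response headers of that
 * site are fetched with get_headers(). Without one, the headers of the
 * current request are echoed back, minus the proxy-added ones when the
 * request is marked as coming through the da.gd proxy.
 *
 * NOTE(review): the target site comes from the route, so this endpoint makes
 * the server issue an outbound HTTP request to a caller-chosen host. Nothing
 * in this method restricts the destination (loopback, private or link-local
 * ranges) and PHP's http wrapper follows redirects by default. If the host
 * can reach internal services, add destination validation and a short
 * timeout via a stream context before the fetch.
 *
 * @return string|null Escaped header text, or null after error400().
 */
public function render() {
  $response = '';

  if (count($this->route_matches) > 1) {
    $site = $this->route_matches[1];
    // Anything without an explicit http(s) scheme is forced to http://, so
    // other stream wrappers (file://, ftp://, ...) cannot be selected here.
    if (!preg_match('@^https?://@i', $site)) {
      $site = 'http://' . $site;
    }

    // Warnings are suppressed on purpose: failure is reported via error400().
    $headers = @get_headers($site);
    if (!$headers) {
      error400('Headers could not be retrieved for that domain.');
      return;
    }

    foreach ($headers as $header) {
      // Remote header values are untrusted; escape before output.
      $response .= htmlspecialchars($header . "\n");
    }
    return $response;
  }

  // The proxy marker does not change during the loop, so read it once.
  $hide_proxy_headers = server_or_default('HTTP_X_DAGD_PROXY') == "1";

  foreach (getallheaders() as $key => $value) {
    // Header names are case-insensitive (and lower-cased by some proxies and
    // by HTTP/2), so match them without regard to case. A case-sensitive
    // comparison would let "x-forwarded-for" slip through and be displayed.
    if ($hide_proxy_headers &&
        (strncasecmp($key, 'X-Forwarded-', 12) === 0 ||
         strcasecmp($key, 'X-DaGd-Proxy') === 0)) {
      continue;
    }
    $response .= htmlspecialchars($key . ': ' . $value . "\n");
  }

  return $response;
}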
/**
 * Serve an existing paste, or the deprecation notice for the pastebin.
 *
 * - POST requests are rejected with a 400: no new pastes are accepted.
 * - With a paste id in the route (route_matches[1]) the paste is fetched and
 *   returned raw as text/plain, or a 404 is raised when it has no text.
 * - Without an id, text user agents get the help text and HTML user agents
 *   get the rendered deprecation notice.
 *
 * @return string|null Paste text or help text; null when output was echoed
 *                     directly or an error response was produced.
 */
public function render() {
  if (server_or_default('REQUEST_METHOD') == 'POST') {
    error400('This service has been deprecated, no new pastes are being accepted.');
    return;
  }

  $wants_paste = count($this->route_matches) > 1;

  if (!$wants_paste) {
    if (!is_html_useragent()) {
      // A form is useless to a text client; hand back the help text instead.
      return help('DaGdPastebinController');
    }

    $notice = ' ***da.gd Pastebin*** This feature is being deprecated and no new pastes are being accepted. ';
    $renderer = new DaGdMarkup($notice);
    echo $renderer->render();
    return;
  }

  $this->paste_id = $this->route_matches[1];
  $this->fetch_paste();

  if (!$this->paste_text) {
    error404();
    return;
  }

  // SECURITY: the paste body is user-supplied and is returned unescaped
  // below. These two headers are what stop a browser from treating it as
  // HTML (text/plain, and nosniff to prevent content-type sniffing). Do not
  // remove or change them without also re-enabling escaping underneath.
  header('Content-type: text/plain; charset=utf-8');
  header('X-Content-Type-Options: nosniff');

  // Turn off every output transformation so the paste is emitted verbatim.
  // NOTE(review): presumably these flags are read by the controller's output
  // stage; their handling is not visible in this method -- confirm there.
  $this->wrap_pre = false;
  $this->escape = false;
  $this->text_html_strip = false;
  $this->text_content_type = false;

  return $this->paste_text;
}
/**
 * Determine the address to treat as the client's IP.
 *
 * When the request carries X-DaGd-Proxy: 1 and a truthy X-Forwarded-For
 * value, that value is returned unchanged; otherwise REMOTE_ADDR is used.
 *
 * NOTE(review): both headers are read from the incoming request, so the
 * result is only trustworthy if the fronting proxy always overwrites or
 * strips X-DaGd-Proxy and X-Forwarded-For on inbound traffic and the
 * application is not reachable directly -- confirm against the deployment.
 * X-Forwarded-For may also carry a comma-separated list; the value is neither
 * parsed nor validated as an IP address here, so callers using it for access
 * control, rate limiting or logging should treat it as untrusted text.
 */
function client_ip() {
  $via_proxy = server_or_default('HTTP_X_DAGD_PROXY') == "1";

  if ($via_proxy) {
    // Only consulted for proxied requests, as in the short-circuit original.
    $forwarded_for = server_or_default('HTTP_X_FORWARDED_FOR');
    if ($forwarded_for) {
      return $forwarded_for;
    }
  }

  return $_SERVER['REMOTE_ADDR'];
}