Ejemplo n.º 1
 function testMakeHttps()
 {
     // Pins the contract of URL::makeHttps(): only an absolute http:// URL is
     // rewritten; https://, other schemes and relative paths come back unchanged.
     // NOTE(review): mixed-case schemes ("HTTP://") and protocol-relative URLs
     // ("//host/") are not covered by these cases.
     $cases = array(
         array('http://example.com/', 'https://example.com/', 'Transform http protocol to https'),
         array('https://example.com/', 'https://example.com/', 'Leave https protocol as-is'),
         array('ftp://example.com/', 'ftp://example.com/', 'Do not transform protocols other than http'),
         array('/img/logo.png', '/img/logo.png', 'Do not transform relative links'),
     );

     foreach ($cases as $case) {
         list($input, $expected, $message) = $case;
         self::assertEquals($expected, URL::makeHttps($input), $message);
     }
 }
Ejemplo n.º 2
 /**
  * Retrieve the full size URL for a submission
  * @param string $id
  * @param string $prov
  * @return null|string
  */
 static function getFullsizeURL($id, $prov)
 {
     // Resolves the direct full-size image URL of a Sta.sh / fav.me submission.
     // On success the HTTPS-upgraded URL string is returned. Every failure path
     // returns an integer instead: 404 (request failed with code 404), 1 (other
     // CURLRequestException), 2 (any other exception), 3 (empty page), 4 (no
     // download link matched), 5 (redirect target could not be resolved).
     // The `@return null|string` tag above this method does not mention these
     // integer codes, so callers must check the type of the result.
     // NOTE(review): $id is placed into the request URL as-is; confirm callers
     // validate it before it reaches this method.
     if ($prov === 'sta.sh') {
         $pageUrl = "http://sta.sh/{$id}";
     } else {
         $pageUrl = "http://fav.me/{$id}";
     }

     try {
         $page = HTTP::legitimateRequest($pageUrl, null, null);
     } catch (CURLRequestException $e) {
         return $e->getCode() === 404 ? 404 : 1;
     } catch (\Exception $e) {
         return 2;
     }
     if (empty($page)) {
         return 3;
     }

     // The href is only accepted when it points at sta.sh or www.deviantart.com
     // and ends in one of the listed image extensions plus a query string.
     $downloadLinkPattern = '(https?://(sta\\.sh|www\\.deviantart\\.com)/download/\\d+/[a-z\\d_]+-d[a-z\\d]{6,}\\.(?:png|jpe?g|bmp)\\?[^"]+)';
     $anchorPattern = new RegExp('<a\\s+class="[^"]*?dev-page-download[^"]*?"\\s+href="' . $downloadLinkPattern . '"');
     if (!preg_match($anchorPattern, $page['response'], $found)) {
         return 4;
     }

     // The link was scraped from HTML, so entities are decoded before following it.
     // NOTE(review): the host of the resolved redirect target is not checked in
     // this method — confirm HTTP::findRedirectTarget() or the caller restricts it.
     $resolved = HTTP::findRedirectTarget(htmlspecialchars_decode($found[1]), $pageUrl);
     if (empty($resolved)) {
         return 5;
     }

     // Refresh the cached row only when one already exists for this submission.
     // The cache receives the URL as resolved; only the return value is upgraded.
     global $Database;
     $hasCacheRow = $Database->where('id', $id)->where('provider', $prov)->has('deviation_cache');
     if ($hasCacheRow) {
         $Database->where('id', $id)->where('provider', $prov)->update('deviation_cache', array('fullsize' => $resolved));
     }

     return URL::makeHttps($resolved);
 }
Ejemplo n.º 3
 /**
  * User Information Fetching
  * -------------------------
  * Fetch user info from dA upon request to nonexistent user
  * @param string $username
  * @param string $dbcols
  * @return User|null|false
  */
 function fetch($username, $dbcols = null)
 {
     // Looks a user up on DeviantArt by name and mirrors the result into the
     // local `users` table.
     // Returns null when $username fails $USERNAME_REGEX or the API request
     // throws CURLRequestException, false when the API returns no result, and
     // otherwise whatever self::get() returns for the stored row.
     // Throws \Exception when the insert/update fails.
     global $Database, $USERNAME_REGEX;

     // Reject anything that is not a well-formed username before it is used
     // in a query or sent to the API.
     if (!$USERNAME_REGEX->match($username)) {
         return null;
     }

     // A name recorded as somebody's previous name resolves to that user's ID.
     $renamed = $Database->where('old', $username)->getOne('log__da_namechange', 'id');
     if (!empty($renamed)) {
         return self::get($renamed['id'], 'id', $dbcols);
     }

     try {
         $response = DeviantArt::request('user/whois', null, array('usernames[0]' => $username));
     } catch (CURLRequestException $e) {
         return null;
     }
     if (empty($response['results'][0])) {
         return false;
     }
     $remote = $response['results'][0];
     $ID = strtolower($remote['userid']);

     /** @var $DBUser User */
     $DBUser = $Database->where('id', $ID)->getOne('users', 'name');
     $userExists = !empty($DBUser);

     $insert = array('name' => $remote['username'], 'avatar_url' => URL::makeHttps($remote['usericon']));
     if ($userExists) {
         $saved = $Database->where('id', $ID)->update('users', $insert);
     } else {
         $insert['id'] = $ID;
         $saved = $Database->insert('users', $insert);
     }
     if (!$saved) {
         // The database error text is appended only when the current viewer
         // has developer permission, so it is not shown to everyone else.
         throw new \Exception('Saving user data failed' . (Permission::sufficient('developer') ? ': ' . $Database->getLastError() : ''));
     }
     if (!$userExists) {
         Logs::action('userfetch', array('userid' => $insert['id']));
     }

     // Compare both the requested name and the previously stored name against
     // the name the API just returned (case-insensitively).
     $names = array($username);
     if ($userExists && $DBUser->name !== $username) {
         $names[] = $DBUser->name;
     }
     foreach ($names as $name) {
         if (strcasecmp($name, $insert['name']) === 0) {
             continue;
         }
         // On a name change the `discord_token` preference is cleared when it
         // holds the string 'true', then the rename is logged.
         if (UserPrefs::get('discord_token', $ID) === 'true') {
             UserPrefs::set('discord_token', '', $ID);
         }
         Logs::action('da_namechange', array('old' => $name, 'new' => $insert['name'], 'id' => $ID), Logs::FORCE_INITIATOR_WEBSERVER);
     }

     return self::get($insert['name'], 'name', $dbcols);
 }
Ejemplo n.º 4
 /**
  * Requests or refreshes an Access Token
  * $type defaults to 'authorization_code'
  * @param string $code
  * @param null|string $type
  * @return User|void
  */
 static function getToken(string $code, string $type = null)
     // Exchanges an OAuth authorization code (or a refresh token) for provider
     // tokens, creates or updates the local user and session rows, and sets
     // the `access` session cookie. Returns the User, or null if none was set.
     // NOTE(review): this listing shows no closing braces and no `break`
     // statements, and some `if` bodies are empty, so lines appear to have
     // been lost in extraction. The comments below describe only what is visible.
     global $Database, $http_response_header;
     // Anything other than the two supported grant types falls back to
     // 'authorization_code'.
     if (empty($type) || !in_array($type, array('authorization_code', 'refresh_token'))) {
         $type = 'authorization_code';
     // NOTE(review): client_secret is placed in the URL query string, where it
     // can end up in proxy or server logs; sending it in the request body is
     // the safer convention — confirm how DeviantArt::request() sends this URL.
     $URL_Start = 'https://www.deviantart.com/oauth2/token?client_id=' . DA_CLIENT . '&client_secret=' . DA_SECRET . "&grant_type={$type}";
     switch ($type) {
         case "authorization_code":
             // NOTE(review): $code is interpolated without urlencode(), so a
             // value containing `&` or `=` would add extra query parameters.
             // OAUTH_REDIRECT_URI is presumably a ready-made
             // "&redirect_uri=..." fragment — confirm.
             $json = DeviantArt::request("{$URL_Start}&code={$code}" . OAUTH_REDIRECT_URI, false);
         case "refresh_token":
             // In this branch $code carries the refresh token (same encoding
             // caveat as above). No `break` is visible before this case.
             $json = DeviantArt::request("{$URL_Start}&refresh_token={$code}", false);
     // No token response: remove the session row matched by the current
     // cookie and clear the cookie.
     // NOTE(review): the lookup compares the raw cookie value with the
     // `access` column, while further down the cookie's SHA-1 is stored in
     // `token` and `access` holds the provider access token — confirm this
     // delete can actually match a row.
     if (empty($json)) {
         if (Cookie::exists('access')) {
             $Database->where('access', Cookie::get('access'))->delete('sessions');
             Cookie::delete('access', Cookie::HTTPONLY);
     // The body of this check is not visible in this listing.
     if (empty($json['status'])) {
     // Ask the provider which account the new access token belongs to.
     $userdata = DeviantArt::request('user/whoami', $json['access_token']);
     /** @var $User Models\User */
     // NOTE(review): this lookup uses the ID as returned, whereas $UserID
     // below is lowercased — confirm the stored case always matches.
     $User = $Database->where('id', $userdata['userid'])->getOne('users');
     // A banned account gets the error and the earliest ban reason placed in
     // $_GET; the early exit that presumably follows is not visible here.
     if (isset($User->role) && $User->role === 'ban') {
         $_GET['error'] = 'user_banned';
         $BanReason = $Database->where('target', $User->id)->orderBy('entryid', 'ASC')->getOne('log__banish');
         if (!empty($BanReason)) {
             $_GET['error_description'] = $BanReason['reason'];
     $UserID = strtolower($userdata['userid']);
     $UserData = array('name' => $userdata['username'], 'avatar_url' => URL::makeHttps($userdata['usericon']));
     // Provider tokens are written to the session row as received.
     $AuthData = array('access' => $json['access_token'], 'refresh' => $json['refresh_token'], 'expires' => date('c', time() + intval($json['expires_in'])), 'scope' => $json['scope']);
     // Session secret: 64 bytes from the CSPRNG, hex-encoded for the cookie.
     // Only its digest is stored, so a leaked sessions table does not directly
     // yield usable cookie values.
     // NOTE(review): SHA-256 would be the more conventional digest than SHA-1.
     $cookie = bin2hex(random_bytes(64));
     $AuthData['token'] = sha1($cookie);
     // Non-empty fields from detectBrowser() are copied into the session row
     // under their own keys.
     $browser = CoreUtils::detectBrowser();
     foreach ($browser as $k => $v) {
         if (!empty($v)) {
             $AuthData[$k] = $v;
     if (empty($User)) {
         $MoreInfo = array('id' => $UserID, 'role' => 'user');
         // $makeDev is true only when the users table is empty, i.e. for the
         // very first account; its ID is stored uppercased.
         // NOTE(review): what else happens for that first account is not
         // visible (the `if ($makeDev)` body below is empty in this listing).
         $makeDev = !$Database->has('users');
         if ($makeDev) {
             $MoreInfo['id'] = strtoupper($MoreInfo['id']);
         $Insert = array_merge($UserData, $MoreInfo);
         $Database->insert('users', $Insert);
         $User = new User($Insert);
         if ($makeDev) {
     } else {
         // Existing account: refresh the stored name and avatar.
         $Database->where('id', $UserID)->update('users', $UserData);
     // The body of this check is not visible in this listing.
     if (empty($makeDev) && !empty($User) && Permission::insufficient('member', $User->role) && $User->isClubMember()) {
     if ($type === 'refresh_token') {
         // Refresh: overwrite the session row that holds the old refresh token.
         $Database->where('refresh', $code)->update('sessions', $AuthData);
     } else {
         // New login: drop this user's sessions that have a different scope,
         // then add the new session.
         $Database->where('user', $User->id)->where('scope', $AuthData['scope'], '!=')->delete('sessions');
         $Database->insert('sessions', array_merge($AuthData, array('user' => $UserID)));
     // Purge this user's sessions not visited for a month; the user ID is
     // passed as a bound parameter.
     // NOTE(review): the quoted identifier and INTERVAL syntax look like
     // PostgreSQL, where `&&` is not the boolean AND operator — confirm.
     $Database->rawQuery("DELETE FROM sessions WHERE \"user\" = ? && lastvisit <= NOW() - INTERVAL '1 MONTH'", array($UserID));
     // The cookie lives for a year and is flagged HTTPONLY.
     // NOTE(review): no Secure flag is visible here — confirm whether
     // Cookie::set() restricts the cookie to HTTPS.
     Cookie::set('access', $cookie, time() + Time::$IN_SECONDS['year'], Cookie::HTTPONLY);
     return $User ?? null;
Ejemplo n.º 5
 private function _getDirectUrl($id)
     // Fills $this->fullsize and $this->preview (plus title/author for
     // DeviantArt) with direct image URLs for the given provider-specific ID,
     // upgrades both URLs via URL::makeHttps() and stores the ID.
     // Throws \Exception with a user-facing message on every failure path.
     // NOTE(review): this listing shows no closing braces and no `break`
     // statements between cases, so lines appear to have been lost in
     // extraction. The comments below describe only what is visible.
     // NOTE(review): $id is interpolated into every request URL below as-is;
     // confirm it is validated per provider before this method is called.
     // NOTE(review): several messages contain HTML (`<a ...>`), so the caller
     // presumably outputs exception text unescaped — confirm that no
     // untrusted value can reach those messages unencoded.
     switch ($this->provider) {
         case 'imgur':
             // Both URLs are built from the ID alone; no request is made.
             $this->fullsize = "https://i.imgur.com/{$id}.png";
             $this->preview = "https://i.imgur.com/{$id}m.png";
         case 'derpibooru':
             // Fetched over plain http, with `@` hiding any warning, so a
             // network failure and a missing image look the same here.
             $Data = @file_get_contents("http://derpibooru.org/{$id}.json");
             if (empty($Data)) {
                 throw new \Exception('The requested image could not be found on Derpibooru');
             $Data = JSON::decode($Data);
             // `duplicate_of` comes from the remote response and is fed back
             // into the request URL; no recursion limit is visible.
             if (isset($Data['duplicate_of'])) {
                 return $this->_getDirectUrl($Data['duplicate_of']);
             if (!isset($Data['is_rendered'])) {
                 // The whole decoded response is written to the error log.
                 error_log("Invalid Derpibooru response for ID {$id}\n" . var_export($Data, true));
                 throw new \Exception('Derpibooru returned an invalid API response. This issue has been logged, please <a class="send-feedback">remind us</a> to take a look.');
             if (!$Data['is_rendered']) {
                 throw new \Exception('The image was found but it hasn\'t been rendered yet. Please wait for it to render and try again shortly.');
             // The image URLs are taken from the response; the full-size URL
             // and reported MIME type are then passed to _checkImageAllowed().
             $this->fullsize = $Data['representations']['full'];
             $this->preview = $Data['representations']['small'];
             self::_checkImageAllowed($this->fullsize, $Data['mime_type']);
         case 'puush':
             // Plain-http fetch; the response body is compared with the
             // service's two known error strings.
             $path = "http://puu.sh/{$id}";
             $image = @file_get_contents($path);
             if (empty($image) || $image === 'That puush could not be found.') {
                 throw new \Exception('The requested image could not be found on Puu.sh');
             if ($image === 'You do not have access to view that puush.') {
                 throw new \Exception('The requested image is a private Puu.sh and the token is missing from the URL');
             $this->fullsize = $this->preview = $path;
         case 'dA':
         case 'fav.me':
         case 'sta.sh':
             // A numeric 'dA' ID becomes the fav.me form: 'd' followed by the
             // ID in base 36.
             if ($this->provider === 'dA') {
                 $id = 'd' . base_convert($id, 10, 36);
                 $this->provider = 'fav.me';
             try {
                 $CachedDeviation = DeviantArt::getCachedSubmission($id, $this->provider);
                 // The URLs are passed through CoreUtils::aposEncode() before
                 // going into the single-quoted href.
                 // NOTE(review): the URL scheme is not checked in this block —
                 // confirm the cached values can only be http(s) URLs.
                 if (!DeviantArt::isImageAvailable($CachedDeviation['preview'])) {
                     $preview = CoreUtils::aposEncode($CachedDeviation['preview']);
                     throw new \Exception("The preview image appears to be unavailable. Please make sure <a href='{$preview}'>this link</a> works and try again, or re-submit the deviation if this persists.");
                 if (!DeviantArt::isImageAvailable($CachedDeviation['fullsize'])) {
                     $fullsize = CoreUtils::aposEncode($CachedDeviation['fullsize']);
                     throw new \Exception("The submission appears to be unavailable. Please make sure <a href='{$fullsize}'>this link</a> works and try again, or re-submit the deviation if this persists.");
             } catch (CURLRequestException $e) {
                 if ($e->getCode() === 404) {
                     throw new \Exception('The requested image could not be found');
                 // NOTE(review): the raw cURL error text is passed on as the
                 // user-facing message.
                 throw new \Exception($e->getMessage());
             if (empty($CachedDeviation)) {
                 throw new \Exception("{$this->provider} submission information could not be fetched for {$id}");
             $this->preview = $CachedDeviation['preview'];
             $this->fullsize = $CachedDeviation['fullsize'];
             $this->title = $CachedDeviation['title'];
             $this->author = $CachedDeviation['author'];
         case 'lightshot':
             // The page is fetched over plain http and must embed an
             // i.imgur.com image; the provider is then switched to imgur.
             $page = @file_get_contents("http://prntscr.com/{$id}");
             if (empty($page)) {
                 throw new \Exception('The requested page could not be found');
             if (!preg_match(new RegExp('<img\\s+class="image__pic[^"]*"\\s+src="http://i\\.imgur\\.com/([A-Za-z\\d]+)\\.'), $page, $_match)) {
                 throw new \Exception('The requested image could not be found');
             $this->provider = 'imgur';
             // NOTE(review): the lines between the assignment above and this
             // throw (presumably a `default:` label) are not visible.
             throw new \Exception("The image could not be retrieved due to a missing handler for the provider \"{$this->provider}\"");
     // Whatever the provider supplied, both URLs are upgraded before storing.
     $this->preview = URL::makeHttps($this->preview);
     $this->fullsize = URL::makeHttps($this->fullsize);
     $this->id = $id;