Example #1
0
        curl_setopt($session, CURLOPT_HEADER, true);
        curl_setopt($session, CURLOPT_RETURNTRANSFER, true);

        // Make the call
        $response = curl_exec($session);

        // The web service returns XML. Set the Content-Type appropriately
        header("Content-Type: application/xml", true);
        header("Location: " . parseHttpHeaders($response, "Location"), true);
        header(getStatusMessage("".curl_getinfo($session, CURLINFO_HTTP_CODE)));

        curl_close($session);
        break;
      case 'GET':
        //echo $_GET['url'] . "#";
        $url = encodeUrl($_GET['url']);
        //echo $url;
        if (isset($_GET['secure']) && $_GET['secure'] == "true")
            $url = secureUrl("GET", $url);

        // Open the Curl session
        $session = curl_init($url);

        // fix this security leak
        curl_setopt($session, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
        curl_setopt($session, CURLOPT_HTTPHEADER, getRelevantRequestHeaders());
        curl_setopt($session, CURLOPT_HEADER, false);
        curl_setopt($session, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($session, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($session, CURLOPT_SSL_VERIFYHOST, 2);
            echo "<p><img src=\"/SA_Auswertung/resources/{$event[3]}\" alt=\"{$event[1]}\" /></p>\n";
            echo "<p>{$event[5]}</p>\n";
            if ($event[0] == 1) {
                echo "<video controls width=\"600\" height=\"420\" ";
                echo "poster=\"/SA_Auswertung/resources/videos/FooFighters-ThePretender.png\" preload=\"none\">\n";
                echo "<source src=\"/SA_Auswertung/resources/videos/FooFighters-ThePretender.mp4\" type=\"video/mp4\">\n";
                echo "<source src=\"/SA_Auswertung/resources/videos/FooFighters-ThePretender.ogv\" type=\"video/ogg\">\n";
                echo "<iframe width=\"600\" height=\"338\" src=\"http://www.youtube.com/embed/SBjQ9tuuTJQ\" frameborder=\"0\" allowfullscreen></iframe>";
                echo "</video>\n";
            }
            echo "</div>\n";
        }
    } else {
        while (!feof($handle)) {
            $event = fgetcsv($handle);
            $url = "{$baseUrl}/{$event[0]}-" . encodeUrl("{$event[1]}-{$event[2]}");
            echo <<<EVENT
        
            <div class="event-info list">
                <a href="{$url}">
                    <h2>{$event[1]}</h2>
                    <h3>{$event[2]}</h3>
                    <p><img src="/SA_Auswertung/resources/{$event[4]}" alt="{$event[1]}" />{$event[5]}</p>
                    <div class="clear"></div>
                </a>
            </div>
        
EVENT;
        }
    }
    fclose($handle);
Example #3
0
function getUrl($buffer, $forbidden_types, $forbidden_strings)
{
    global $_POST;
    $website = HTTP_HOST;
    $web = parse_url($website);
    strtolower(substr($web['host'], 0, 4)) == "www." ? $web['host'] = substr($web['host'], 4) : null;
    $tmparray = array();
    foreach ($buffer as $key) {
        if ($web['scheme'] . "://www." . $web['host'] . "/" == $key or $web['scheme'] . "://" . $web['host'] . "/" == $key) {
            $key = $website;
        }
        if (strtolower(substr($key, 0, 4)) != "http") {
            // slash management
            if (substr($key, 0, 1) == "/" and substr($website, -1) == "/") {
                $key = substr($key, 1);
                //print $key."<br>";
            }
            ($web['path'] != "" and $web['path'] != "/") ? $key = substr($website, 0, strpos($website, $web['path'])) . $key : ($key = $website . $key);
        }
        $key = preg_replace(array('/([\\?&]PHPSESSID=\\w+)$/i', '/(#[^\\/]*)$/i', '/&amp;/', '/^(javascript:.*)|(javascript:.*)$/i'), array('', '', '&', '', ''), $key);
        $pattern = "/" . $web['scheme'] . ":\\/\\/(.*?)" . $web['host'] . str_replace('/', '\\/', $web['path']) . "/";
        preg_match($pattern, $key, $treffer);
        $key = encodeUrl(trim(relative2absolute($website, $key)));
        /* todo add url from Location: header tag without any check */
        if (!in_array($key, $tmparray) && count($treffer) > 0 && searchInArray($key, $forbidden_strings) == false && in_array(substr($key, strrpos($key, ".")), $forbidden_types) === false) {
            $tmparray[] = $key;
        }
        unset($key, $treffer);
    }
    //endforeach
    unset($buffer);
    return $tmparray;
}
/**
 * Encodes to url-friendly base64.
 *
 * @param string $string_
 *
 * @return string
 */
function encodeBase64Url($string_)
{
    return encodeUrl(base64_encode($string_));
}