private static function apply(simple_html_dom $dom, $attribute, $elements, ProxyHttpRequest $request) { foreach ($dom->find($elements . '[' . $attribute . ']') as $element) { $attr_val = $element->getAttribute($attribute); if ($attr_val) { // Ignore these links. if (startsWith($attr_val, array('data:', 'javascript:', 'mailto:', '.'))) { continue; } // Turn protocol relative URLs into HTTPS. if (isset($attr_val[1]) && $attr_val[1] == '/' && $attr_val[0] == '/') { $attr_val = 'https:' . $attr_val; $element->setAttribute($attribute, $attr_val); } else { $attr_val_components = parse_url($attr_val); // Nothing to do without paths. if (isset($attr_val_components['path'])) { // Remove current host. if (isset($attr_val_components['host']) && $attr_val_components['host'] == $request->getUrlComponent('host')) { unset($attr_val_components['host']); } // If URL without host. if (!isset($attr_val_components['host'])) { // If path does not start with a slash, prepend current path directory. if ($attr_val_components['path'][0] != '/') { $attr_val_components['path'] = dirname($request->getUrlComponent('path')) . '/' . $attr_val_components['path']; } $attr_val = '.' . http_build_path_query_fragment($attr_val_components); $element->setAttribute($attribute, $attr_val); } } } /* * Special for existing base href values. They should always end with a slash, * but browsers are lenient if it's eg http://example.com. But since we may rewrite * the value later, it might have a path and without the slash it will fail. */ if ($element->tag == 'base') { $last_char = $attr_val[strlen($attr_val) - 1]; if ($last_char != '/') { $attr_val .= '/'; $element->setAttribute($attribute, $attr_val); } } } } }
exit; } } } if (Conf::$apk_url) { if ($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME] == Conf::OUTPUT_TYPE_APP) { require 'app.php'; exit; } if ($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME] == Conf::OUTPUT_TYPE_APP_QR) { require 'app-qr.php'; exit; } } } $request = new ProxyHttpRequest(); // Hijack crossdomain.xml. if ($request->getUrlComponent('path') == '/crossdomain.xml' && getDownstreamOrigin()) { header('Content-Type: application/xml'); $downstream_origin = getDownstreamOrigin(); print <<<EOF <?xml version="1.0" ?> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="{$downstream_origin}"/> <allow-http-request-headers-from domain="{$downstream_origin}" headers="*"/> </cross-domain-policy> EOF; exit; } $client = new http\Client();
exit; } } } if (Conf::$apk_url) { if ($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME] == Conf::OUTPUT_TYPE_APP) { require 'app.php'; exit; } if ($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME] == Conf::OUTPUT_TYPE_APP_QR) { require 'app-qr.php'; exit; } } } $request = new ProxyHttpRequest(); // Hijack crossdomain.xml. if ($request->getUrlComponent('path') == '/crossdomain.xml' && getDownstreamOrigin()) { header('Content-Type: application/xml'); $downstream_origin = getDownstreamOrigin(); print <<<EOF <?xml version="1.0" ?> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="{$downstream_origin}"/> <allow-http-request-headers-from domain="{$downstream_origin}" headers="*"/> </cross-domain-policy> EOF; exit; } /*