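/**
 * Fetch a URL with cURL, without following redirects, and return the response
 * starting at the first "d8:" marker.
 *
 * When the URL's query string carries no "passkey=" parameter, a stored cookie
 * for the URL's host and the current user ($cfg["user"]) is looked up in
 * tf_cookies and sent with the request.
 *
 * @param string $url     URL to request; it is passed through cleanURL() first.
 * @param string $referer Not used by this function; kept so existing callers keep working.
 * @return string The response from the first "d8:" onward with trailing CR/LF
 *                removed; the whole response (headers included) when the marker
 *                is absent; "" when cURL is unavailable or the request fails.
 */
function FetchHTMLNoWaitNoFollow($url, $referer = "")
{
    global $cfg, $db;

    // The header is absent for CLI or header-less requests; fall back to "".
    $userAgent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";

    ini_set("allow_url_fopen", "1");
    ini_set("user_agent", $userAgent);

    $url = cleanURL($url);
    $domain = parse_url($url);
    if (!is_array($domain)) {
        // parse_url() returns false for seriously malformed URLs.
        $domain = array();
    }
    $host = isset($domain["host"]) ? $domain["host"] : "";
    $query = isset($domain["query"]) ? $domain["query"] : "";

    // Only look for a stored cookie when the URL does not already carry a passkey.
    $cookie = "";
    if ($host !== "" && strpos($query, "passkey=") === false) {
        // The host is taken from the requested URL, so it is bound as a
        // parameter instead of being concatenated into the statement.
        // NOTE(review): assumes $db is an ADOdb connection, whose GetOne()
        // accepts a bind array as second argument — confirm.
        $sql = "SELECT c.data FROM tf_cookies AS c LEFT JOIN tf_users AS u ON ( u.uid = c.uid ) WHERE u.user_id = ? AND c.host = ?";
        $cookie = $db->GetOne($sql, array($cfg["user"], $host));
        showError($db, $sql);
    }

    // Without an explicit port, pick the default for the scheme; forcing 80
    // for every URL sends https requests to the wrong port.
    if (isset($domain["port"])) {
        $port = $domain["port"];
    } else {
        $scheme = isset($domain["scheme"]) ? strtolower($domain["scheme"]) : "";
        $port = ($scheme === "https") ? 443 : 80;
    }

    if (!function_exists("curl_init")) {
        return "";
    }

    $ch = curl_init();
    if ($cookie != "") {
        curl_setopt($ch, CURLOPT_COOKIE, $cookie);
    }
    curl_setopt($ch, CURLOPT_PORT, $port);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_VERBOSE, FALSE);
    curl_setopt($ch, CURLOPT_HEADER, TRUE);
    curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    // NOTE(review): certificate and host-name verification are switched off, so
    // the stored cookie and any passkey in the URL can be read, and the response
    // altered, by anyone on the network path. Left unchanged because callers may
    // rely on hosts with self-signed certificates; enable both checks unless
    // that is a confirmed requirement.
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE);
    curl_setopt($ch, CURLOPT_TIMEOUT, 5);
    $response = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on failure (timeout, refused connection, ...).
    if (!is_string($response)) {
        return "";
    }

    // Drop everything in front of the "d8:" marker; when it is missing the
    // response is returned whole, as before.
    $start = strpos($response, "d8:");
    $rtnValue = ($start === false) ? $response : substr($response, $start);

    return rtrim($rtnValue, "\r\n");
}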
// Excerpt of a front controller: it derives $www_root from $url, applies the
// $redirects table, then dispatches the path taken from $_GET["request_url"].
// The excerpt starts inside a block opened earlier and stops inside an else branch.
$end = end(explode("/", getcwd()));
// strpos() yields false when $end is absent, and (false > -1) is false in PHP,
// so a missing match takes the else branch.
if (strpos($url, $end) > -1) {
    $www_root = trailingSlash(substr($url, 0, strpos($url, $end) + strlen($end)));
} else {
    $www_root = trailingSlash($url);
}
} // closes a block opened before this excerpt
// Path relative to the site root, without a trailing slash, used as the redirect key.
$check = rtrim(str_ireplace($www_root, "", $url), "/");
if (array_key_exists($check, $redirects)) {
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: " . $www_root . $redirects[$check]);
    die;
}
// Get requested URL
$current_url = $_GET["request_url"];
$path = cleanURL(str_ireplace($www_root, "", $current_url));
// Run scripts
// NOTE(review): $path is derived from the request, and the file it names is
// executed as PHP. The only checks visible here are that ".php" occurs somewhere
// after position 0 (strpos() returning 0 is falsy, and the match is not anchored
// to the end) and that the file exists below "site/". Whether parent-directory
// segments are removed depends on cleanURL(), which is not shown — confirm, or
// resolve the path with realpath() and require it to stay inside site/ first.
if (strpos($path, ".php") && file_exists("site/" . $path)) {
    include "site/" . $path;
    die;
}
// Compute route
$route = routeRecursive("site/", explode("/", $path));
// Build the page
ob_start();
if ($route["commands"][0] == "") {
    unset($route["commands"]);
}
// NOTE(review): after the unset above, count() below reads a missing key:
// a warning on PHP 7.2+ and a TypeError on PHP 8.
if (file_exists("site/" . $route["path"] . ".html") && count($route["commands"]) == 0) {
    $file = "site/" . $route["path"] . ".html";
} else {
<?php
// Front controller: maps $_GET["request_url"] to a file under templates/ and
// renders it between the shared header and footer.
session_start();
// Get requested URL
$www_root = "http://www.formsalontowson.com/";
$current_url = $_GET["request_url"];
$path = cleanURL($current_url);
// Compute route
$route = routeRecursive("templates/", explode("/", $path));
// Build the page
ob_start();
if ($route["commands"][0] == "") {
    unset($route["commands"]);
}
// NOTE(review): the included file name is built from the request. What
// $route["path"] can contain depends on cleanURL() and on the rest of
// routeRecursive(), neither of which is visible here — confirm that
// parent-directory segments and the underscore-prefixed partials (_header,
// _footer, _404) cannot be selected directly.
// NOTE(review): after the unset above, count() below reads a missing key:
// a warning on PHP 7.2+ and a TypeError on PHP 8.
if (file_exists("templates/" . $route["path"] . ".php") && count($route["commands"]) == 0) {
    include "templates/" . $route["path"] . ".php";
} else {
    include "templates/_404.php";
}
// The template output is buffered so it can be placed between header and footer.
$page_content = ob_get_clean();
include "templates/_header.php";
echo $page_content;
include "templates/_footer.php";
// Functions
// NOTE(review): $base has a default but precedes the required $route, so the
// default can never be used; PHP 8.0+ reports this signature as deprecated.
// The function body continues past the end of this excerpt.
function routeRecursive($base = "templates/", $route, $level = 0) {
    // Join the first $level route segments into a "a/b/" prefix.
    $router = "";
    for ($i = 0; $i < $level; $i++) {
        $router .= $route[$i] . "/";
    }
    $return = array();
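// Look up one flora record by the id in the query string and settle on the
// canonical URL /flora-informatie/<id>/<name-slug>. $error ends up 0 when id
// and name match a record and 1 when they do not. The excerpt starts inside a
// conditional opened earlier and stops inside the final else branch.
$id = $_GET['id'];
// The id comes straight from the request, so it is bound as a parameter rather
// than interpolated into the statement. The old code also ran the statement
// twice: query() executes it and execute() ran it again.
$sql = "SELECT * FROM flora WHERE id = ?";
$result = [];
// The original interpolated the id unquoted, so only numeric ids ever produced
// a valid statement; anything else (including array input) is now treated as
// "no such record" without reaching the database.
if (is_string($id) && ctype_digit($id)) {
    $query = $pdo->prepare($sql);
    $query->execute([$id]);
    $result = $query->fetchAll(PDO::FETCH_OBJ);
}
if (count($result) == 1) {
    if (isset($_GET['name']) and !empty($_GET['name'])) {
        if (cleanURL($result['0']->name) == $_GET['name']) {
            //right id & name, proceed to flora info page
            $error = 0;
        } else {
            //wrong name, proceed to not found error
            $error = 1;
        }
    } else {
        // No name in the URL: redirect to the canonical address. $id is digits
        // only at this point, so it is safe to place in the Location header.
        header("Location: /flora-informatie/" . $id . "/" . cleanURL($result['0']->name));
        exit;
    }
} else {
    //wrong ID, proceed to not found error
    $error = 1;
}
} else { // alternative branch of a conditional opened before this excerpt
    header("Location: /flora-database");
    exit;
}
if ($error == 1) {
    include '404.php';
} else {
    // NOTE(review): name and latin_name are passed to head() as stored; whether
    // head() HTML-escapes them is not visible here — confirm.
    head(['header_title' => $result['0']->name, 'header_desc' => $result['0']->latin_name]);
    $name = $result['0']->name;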
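/**
 * Pins cleanURL()'s output for a mailto: address whose query string embeds
 * "http://": the result must start with "http://" and carry "*****:*****@"
 * where the input had "user@".
 *
 * NOTE(review): presumably this guards against a non-HTTP scheme surviving
 * because "http://" appears later in the string — confirm against cleanURL().
 */
public function testCrossProtocolAttack()
{
    $userdata = "mailto:user@example.com?subject=http://";
    $expected = "http://*****:*****@example.com?subject=http://";

    // PHPUnit takes the expected value first; the original order swapped the
    // "expected" and "actual" labels in failure output.
    $this->assertEquals($expected, cleanURL($userdata));
}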
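<li><a href="#gym-ranking" role="tab" data-toggle="tab">Gym Rankings</a></li>
<li><a href="#climb-dist" role="tab" data-toggle="tab" id="climb-dist-tab">Climb Distribution</a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<div class="tab-pane fade in active" id="about-gym">
<div id="gym-list">
<a href="gym-edit.php?gymid=<?php echo rawurlencode((string) $gymid); ?>"><p style="text-align:right">Edit Gym Details...</p></a>
<ul class="list-group">
<?php
// Gym details are editable (see the edit link above), so every value is escaped
// for the context it is printed in. The website link was written into an
// unquoted href, where a value containing a space or ">" changes the tag
// itself; it is now quoted and attribute-escaped.
// NOTE(review): escaping does not restrict the URL scheme. Whether cleanURL()
// limits links to http/https is not visible here — confirm.
// NOTE(review): assumes the page is served as UTF-8 — confirm.
$URL = cleanURL($result['website']);
?>
<li class="list-group-item"><b>Website:</b> <a href="<?php echo htmlspecialchars((string) $URL, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" target="_blank" rel="noopener noreferrer"><?php echo htmlspecialchars((string) $URL, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </a></li>
<li class="list-group-item"><b>Address:</b> <?php echo htmlspecialchars((string) $result['address'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </li>
<li class="list-group-item"><b>City:</b> <?php echo htmlspecialchars((string) $result['city'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>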
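</h4>
<h4 class="event-details"><b>State: </b><?php echo htmlspecialchars((string) $event_result['state'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </h4>
<h4 class="event-details"><b>Country: </b><?php echo country_code_to_country($event_result['countryCode']); ?> </h4>
</div>
<?php
// The state value above is HTML-escaped before output; it was echoed as stored.
// NOTE(review): assumes the page is served as UTF-8 — confirm.
// NOTE(review): country_code_to_country() is printed unescaped; what it returns
// for an unknown code is not visible here — confirm it cannot echo its input.
// NOTE(review): the two URLs below are printed outside this excerpt. They need
// attribute escaping in a quoted href, and cleanURL() is not shown to restrict
// the scheme to http/https — confirm.
$website_URL = cleanURL($event_result['event_website']);
$facebook_URL = cleanURL($event_result['event_facebook']);
?>
<div class="col-xs-12 col-sm-6">
<?php
// Single-day events show one date; multi-day events show start and end.
if ($event_result['event_startdate'] == $event_result['event_enddate']) { ?>
<h4 class="event-details"><b>Date: </b><?php echo date("l, F j, Y", date_format($startdate, 'U'));
} else { ?>
<h4 class="event-details"><b>Start Date: </b><?php echo date("l, F j, Y", date_format($startdate, 'U')); ?>
<h4 class="event-details"><b>End Date: </b><?php echo date("l, F j, Y", date_format($enddate, 'U'));
}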
// Excerpt of a purchase handler: records the outcome of the transaction check
// in $debugString, then builds one download link per purchased item name.
// It starts inside a conditional opened earlier and stops inside cleanURL().
$debugString .= "\n 1.0 transaction details validated";
}
} else {
    // Fail
    // NOTE(review): as far as this excerpt shows, a failed check only adds a
    // debug line, and the link building below runs in both cases — confirm that
    // a failure stops processing before any link is delivered.
    if ($debug) {
        $debugString .= "\n 1.0 transaction details failed";
    }
}
// 1. Build download link
// NOTE(review): the installer (.dmg) link uses plain http, so the download can
// be altered in transit; prefer https if the host supports it.
$downloadBase = "http://www.o-r-g.com/out/"; // move this to the top?
$downloadFileType = ".dmg";
// $downloadPage = "http://www.o-r-g.com/thx";
// NOTE(review): each link is a fixed base plus the cleaned item name, so it is
// the same for every buyer. Whether /out/ checks authorisation is not visible
// here — confirm.
foreach ($item_name as $key => $value) {
    $item_name_clean[$key] = cleanURL($value);
    $downloadLink[$key] = $downloadBase . $item_name_clean[$key] . $downloadFileType; // o-r-g.com/out/xxx
    // $downloadLink[$key] = $downloadPage . "?" . $item_name_clean[$key]; // o-r-g.com/thx?xxx
    if ($debug) {
        $debugString .= "\nkey = " . $key . " value = " . $value;
    }
    if ($debug) {
        $debugString .= "\ndownloadLink = " . $downloadLink[$key];
    }
}
// NOTE(review): the lower-casing and the character allow-list are commented
// out. The one active line visible here only collapses runs of whitespace and
// hyphens into a single space, so "/", "." and "?" pass through this part
// unchanged. The function continues past the end of this excerpt — confirm what
// the remainder filters before relying on it for URL path segments.
function cleanURL($string) {
    // $string = strtolower($string); // l.c.
    // $string = preg_replace("/[^a-z0-9_\s-]/", "", $string); // a-z, 0-9
    $string = preg_replace("/[\\s-]+/", " ", $string);